Bug ID 1827821: isBase64 params and headers not blocking Attack Signatures

Last Modified: Sep 01, 2025

Affected Product(s):
BIG-IP ASM (all modules)

Known Affected Versions:
17.5.0, 17.5.1

Opened: Mar 05, 2025

Severity: 3-Major

Symptoms

Parameter values in GET requests are considered base64 even when the calculated score is below 'base64_max_score'. Parameters and headers configured as "Base64Decode=required" do not detect base64-encoded attack signatures.

Impact

No violations are detected even though the parameter includes an attack signature (PHNjcmlwdD5hbGVydCgxKTwvc2NyaXB0Pg== is the base64-encoded value of <script>alert(1)</script>).

Conditions

-- Create a parameter named "param" configured as "Base64Decode=required".
-- Send a request to URL /?param=PHNjcmlwdD5hbGVydCgxKTwvc2NyaXB0Pg==
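
The following is an added example, not F5 code: an out-of-band review of logged request URLs that decodes parameters marked "Base64Decode=required" before matching, so requests fitting the conditions above can be identified independently of the policy. The parameter set, the regex standing in for an attack signature, and the function names are assumptions.

```python
import base64
import binascii
import re
from urllib.parse import urlsplit, unquote

# Assumption: parameters configured as "Base64Decode=required" in the policy.
BASE64_REQUIRED = {"param"}
# Assumption: simplified stand-in for an attack signature, not an ASM signature.
SIGNATURE = re.compile(r"<\s*script\b", re.IGNORECASE)


def decode_required(value):
    """Strictly decode base64; return None when the value is not valid base64."""
    try:
        raw = base64.b64decode(value, validate=True)
    except (binascii.Error, ValueError):
        return None
    return raw.decode("utf-8", errors="replace")


def review_request(url):
    """Return (parameter, verdict) pairs for Base64Decode=required parameters."""
    findings = []
    for pair in urlsplit(url).query.split("&"):
        name, _, value = pair.partition("=")
        # unquote() rather than parse_qsl(): '+' is a base64 character and
        # must not be turned into a space before decoding.
        name, value = unquote(name), unquote(value)
        if name not in BASE64_REQUIRED:
            continue
        decoded = decode_required(value)
        if decoded is None:
            findings.append((name, "not-base64"))
        elif SIGNATURE.search(decoded):
            findings.append((name, "signature-in-decoded-value"))
    return findings


if __name__ == "__main__":
    # Constructed sample URLs; the first is the request from the Conditions.
    samples = [
        "/?param=PHNjcmlwdD5hbGVydCgxKTwvc2NyaXB0Pg==",
        "/?param=aGVsbG8gd29ybGQ=",
        "/?param=not*base64",
    ]
    for url in samples:
        print(url, review_request(url))
```

Matching the same regex against the raw, still-encoded value finds nothing, which is why the decode step has to run before signature matching.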

Workaround

None

Fix Information

None

Behavior Change

Guides & references

K10134038: F5 Bug Tracker Filter Names and Tips