Bug ID 1927225

Bug Tracker
ID 1927225

Bug ID 1927225: Vertical tab (u000b) is removed by the JSON parser from the request

Last Modified: Jul 03, 2025

Affected Product(s):
BIG-IP ASM(all modules)

Known Affected Versions:
17.1.0, 17.1.0.1, 17.1.0.2, 17.1.0.3, 17.1.1, 17.1.1.1, 17.1.1.2, 17.1.1.3, 17.1.1.4, 17.1.2, 17.1.2.1, 17.1.2.2

Opened: Apr 15, 2025

Severity: 3-Major

Symptoms

The JSON parser removes the vertical tab (\u00b) from the request, preventing attack signatures from matching and causing the request to be bypassed, despite a possible SQL injection attack.

Impact

Attack signatures are not matched, due to which the SQL injection attack is bypassed.

Conditions

Attaching the JSON profile, send a request with a vertical tab (\u000b).

Workaround

None

Fix Information

None

Guides & references

K10134038: F5 Bug Tracker Filter Names and Tips