Last Modified: Oct 15, 2025
Affected Product(s):
BIG-IP ASM
Known Affected Versions:
17.1.0, 17.1.0.1, 17.1.0.2, 17.1.0.3, 17.1.1, 17.1.1.1, 17.1.1.2, 17.1.1.3, 17.1.1.4, 17.1.2, 17.1.2.1, 17.1.2.2
Fixed In:
17.5.1.2, 17.1.3
Opened: Apr 15, 2025 Severity: 3-Major
The JSON parser removes the vertical tab (\u00b) from the request, preventing attack signatures from matching and causing the request to be bypassed.
Attack signatures are not matched to the SQL injection attack vector.
Attaching the JSON profile, send a request with a vertical tab (\u000b).
None
None