Last Modified: Nov 07, 2022
Affected Product:
See more info
BIG-IP ASM
Known Affected Versions:
11.2.1, 11.3.0, 11.4.0, 11.4.1, 11.5.0, 11.5.1, 11.5.1 HF1, 11.5.1 HF10, 11.5.1 HF11, 11.5.1 HF2, 11.5.1 HF3, 11.5.1 HF4, 11.5.1 HF5, 11.5.1 HF6, 11.5.1 HF7, 11.5.1 HF8, 11.5.1 HF9, 11.5.10
Fixed In:
11.6.0, 11.5.2, 11.5.0 HF1, 11.4.1 HF6, 11.2.1 HF11
Opened: Nov 07, 2013
Severity: 3-Major
False positive attack signatures (e.g 200002271) are triggered on an x-www-form-urlencoded POST request containing a string (which is, actually, Shift-JIS characters represented as %-encoded bytes).
False positive attack signatures (e.g. Signature ID 200002271 looks to be erroneously detected)
Sending high ASCII characters to non-English encoding policy.
N/A
We added the internal parameter "dont_norm_high_ascii". If the value is set to 0 (the default value), the system removes high ASCII bytes as part of the normalization process. If the value is set to 1, the system leaves and does not remove high ASCII bytes. Consider setting this parameter to 1 if your web application uses non-English encoding where high ASCII bytes are legal. Removing these bytes may lead to false positive detection of attack signatures when the remaining bytes exactly compose an attack signature.
