Last Modified: Apr 28, 2025
Affected Product(s):
BIG-IP ASM
Known Affected Versions:
11.2.0, 11.2.1, 11.3.0, 11.4.0, 11.4.1, 11.5.0, 11.5.1, 11.5.1 HF1, 11.5.1 HF2, 11.5.1 HF3, 11.5.1 HF4, 11.5.1 HF5, 11.5.1 HF6, 11.5.1 HF7, 11.5.1 HF8, 11.5.1 HF9, 11.5.1 HF10, 11.5.1 HF11, 11.5.2, 11.5.2 HF1, 11.5.3, 11.5.3 HF1, 11.5.3 HF2, 11.5.4, 11.5.4 HF1, 11.5.4 HF2, 11.5.4 HF3, 11.5.4 HF4, 11.5.5, 11.5.6, 11.5.7, 11.5.8, 11.5.9, 11.5.10
Fixed In:
11.6.0, 11.5.0 HF1, 11.4.0 HF6
Opened: Dec 01, 2013 Severity: 3-Major
ASM blocks the post JSON page when tried to submit the autoreply in OWA.
False blocking request.
Sending post JSON page with BOM (Byte Order Mark).
N/A
ASM now supports byte order mark (BOM) in the middle of JSON stream (ASM already supports BOM in the middle of XML stream). This can be used to avoid blocking or triggering a JSON violation. Use the internal parameter "allowBOMInXMLValue", not displayed in the Configuration utility, to turn on BOM support in the middle of JSON or XML stream. To do this, you must change the default value of "allowBOMInXMLValue" from 0 (off) to 1 (on).