Last Modified: Nov 07, 2022
Affected Product(s):
BIG-IP ASM
Known Affected Versions:
11.4.0, 11.4.1, 11.5.0, 11.5.1, 11.5.1 HF1, 11.5.1 HF10, 11.5.1 HF11, 11.5.1 HF2, 11.5.1 HF3, 11.5.1 HF4, 11.5.1 HF5, 11.5.1 HF6, 11.5.1 HF7, 11.5.1 HF8, 11.5.1 HF9, 11.5.10, 11.5.2, 11.5.2 HF1, 11.5.3, 11.5.3 HF1, 11.5.3 HF2, 11.5.4, 11.5.4 HF1, 11.5.4 HF2, 11.5.4 HF3, 11.5.4 HF4, 11.5.5, 11.5.6, 11.5.7, 11.5.8, 11.5.9
Fixed In:
11.6.0, 11.5.0 HF1, 11.4.1 HF4, 11.4.0 HF6
Opened: Dec 12, 2013
Severity: 3-Major
Symptoms:
The ASM policy failed to block an HTTP status violation.
Impact:
A response may bypass the response-side security protection.
Conditions:
1. Response capture is enabled.
2. A response is sent with the wrong content length.
Workaround:
N/A
Fix Information:
When response logging is enabled, the system now blocks responses with the wrong content length upon an "Illegal HTTP status in response" violation.