Bug ID 440525: ASM policy failed to block an HTTP status violation

Last Modified: Nov 07, 2022

Affected Product(s):
BIG-IP ASM (all modules)

Known Affected Versions:
11.4.0, 11.4.1, 11.5.0, 11.5.1, 11.5.1 HF1, 11.5.1 HF10, 11.5.1 HF11, 11.5.1 HF2, 11.5.1 HF3, 11.5.1 HF4, 11.5.1 HF5, 11.5.1 HF6, 11.5.1 HF7, 11.5.1 HF8, 11.5.1 HF9, 11.5.10, 11.5.2, 11.5.2 HF1, 11.5.3, 11.5.3 HF1, 11.5.3 HF2, 11.5.4, 11.5.4 HF1, 11.5.4 HF2, 11.5.4 HF3, 11.5.4 HF4, 11.5.5, 11.5.6, 11.5.7, 11.5.8, 11.5.9

Fixed In:
11.6.0, 11.5.0 HF1, 11.4.1 HF4, 11.4.0 HF6

Opened: Dec 12, 2013

Severity: 3-Major

Symptoms

ASM policy failed to block an HTTP status violation.

Impact

Response-side security protection may be bypassed.

Conditions

1. Response capture is enabled.
2. A response is sent with the wrong content length.

Workaround

N/A

Fix Information

When response logging is enabled, the system now blocks responses with the wrong content length upon an "Illegal HTTP status in response" violation.

Behavior Change

Guides & references

K10134038: F5 Bug Tracker Filter Names and Tips