Last Modified: Jul 12, 2023
Affected Product(s):
BIG-IP ASM
Known Affected Versions:
11.4.1
Fixed In:
11.6.0
Opened: Jan 30, 2014 Severity: 3-Major
The system skips significant parameter characteristics checks. The system will not perform checks on the parameter value.
Skipping significant parameter characteristics checks means temporarily downgrading the security. The system will not perform checks on the parameter value. (When this happens, signatures won't trigger violations against the wildcard parameter.)
When learning mode for Parameters is changed to "Add All Entities", the Parameter Value Type for the wildcard parameter is changed to "Ignore Value".
Manually change the Parameter Value Type for the wildcard to "User-input value".
When the "Explicit Entities Learning" setting for Parameters is changed to "Add All Entities", we changed the Parameter Value Type for the wildcard parameter from "Ignore value" to "User-input value". This was done in order for signatures to trigger violations against the wildcard parameter.