Last Modified: Jul 13, 2024
Affected Product(s):
BIG-IP ASM, Install/Upgrade
Known Affected Versions:
11.5.0, 11.5.1, 11.5.1 HF1, 11.5.1 HF2, 11.5.1 HF3, 11.5.1 HF4, 11.5.1 HF5, 11.5.1 HF6, 11.5.1 HF7, 11.5.1 HF8, 11.5.1 HF9, 11.5.1 HF10, 11.5.1 HF11, 11.5.2, 11.5.2 HF1, 11.5.3, 11.5.3 HF1, 11.5.3 HF2, 11.5.4, 11.5.4 HF1, 11.5.4 HF2, 11.5.4 HF3, 11.5.4 HF4, 11.5.5, 11.5.6, 11.5.7, 11.5.8, 11.5.9, 11.5.10
Fixed In:
11.6.0
Opened: Mar 10, 2014 Severity: 3-Major
Illegal metacharacter override can be added to the security policy. This subsequently prevents the security policy from being applied. This can be see in /var/log/asm.1_transformed: ---------------------------------------------------------------------- Feb 25 11:35:25 bigip2 info perl[10112]: 01310053:6: ASMConfig change: Parameter P3 [update]: Overridden Value Meta-characters were set to 0x3f - allowed. Feb 25 11:35:31 bigip2 info perl[10112]: 01310053:6: ASMConfig change: Parameter P9 [update]: Overridden Value Meta-characters were set to 0x3a - allowed, 0x7fffffff - allowed. ----------------------------------------------------------------------
This subsequently prevents the policy from being applied. It could not apply configuration; set active failed.
When upgrading from 11.3 to 11.5, and when importing your exported policy, it produces an error and failed to roll forward.
N/A
In the security policy, the system no longer accepts meta-character values outside the legal range.