Last Modified: Sep 13, 2023
Affected Product(s):
BIG-IP APM
Known Affected Versions:
11.0.0, 11.6.0 HF1, 11.6.0 HF2, 11.6.0 HF3, 11.6.0 HF4, 11.6.0 HF5, 11.6.0 HF6, 11.6.0 HF7, 11.6.0 HF8, 11.5.1 HF1, 11.6.1 HF1, 11.5.1 HF2, 11.6.1 HF2, 11.5.1 HF3, 11.5.1 HF4, 11.5.1 HF5, 11.5.1 HF6, 11.5.1 HF7, 11.5.1 HF8, 11.5.1 HF9, 11.5.1 HF10, 11.5.1 HF11, 11.5.2 HF1, 11.6.2 HF1, 11.5.3 HF1, 11.5.3 HF2, 11.5.4 HF1, 11.1.0, 11.2.0, 11.2.1, 11.3.0, 11.4.0, 11.4.1
Fixed In:
11.6.0, 11.5.4 HF2
Opened: Apr 24, 2014 Severity: 3-Major Related Article:
K17250
In non-printable values of AD/LDAP attributes, BIG-IP processing escapes the "|" (pipe) character.
This creates a problem when the value is processed back to its previous value, a process that includes removing the escape characters. In this case, the resulting data does not match the original binary data.
This occurs when there is an AD/LDAP query in use and the query returns binary attributes with the "|" (pipe) character.
Unescape binary attribute values after hexdecode manipulation to match the original value.
When an AD or LDAP query is in use and the query returns binary attributes with the "|" (pipe) character, APM now checks whether the value contains non-printable characters, and if so, hex encodes the value. If the value is printable, APM escapes the "\" and "|" characters (because "|" is used as a separator for multivalue attributes).