Bug ID 471766: Number of decoding passes configuration

Last Modified: Sep 13, 2023

Affected Product(s):
BIG-IP ASM(all modules)

Known Affected Versions:
11.5.1 HF2, 11.5.1 HF3, 11.5.1 HF4, 11.5.1 HF5, 11.5.1 HF6, 11.5.1 HF7, 11.5.1 HF8, 11.5.1 HF9, 11.5.1 HF10, 11.5.1 HF11, 11.5.2 HF1, 11.5.3 HF1, 11.5.3 HF2, 11.5.4 HF1, 11.5.4 HF2, 11.5.4 HF3, 11.5.4 HF4, 11.5.3, 11.6.1, 11.6.2, 11.6.3, 11.6.3.1, 11.6.3.2, 11.6.3.3, 11.6.3.4, 11.6.4, 11.6.5, 11.6.5.1, 11.6.5.2, 11.6.5.3, 12.1.0 HF1, 12.1.0 HF2, 12.1.1 HF1, 12.1.1 HF2, 12.1.2 HF1, 12.1.2 HF2

Fixed In:
12.0.0, 11.6.1 HF2, 11.5.4

Opened: Jul 15, 2014

Severity: 4-Minor

Symptoms

The decoding passes number selected in the "Evasion technique detected" sub-violation setting affects URI and parameter input. However, this setting does not affect the number of decoding passes that the system performs on headers, which is always two.

Impact

A false positive violation is issued.

Conditions

Headers legally may have more than two or more levels of percent decoding

Workaround

None

Fix Information

The number of decoding passes for headers is now taken from the "Evasion technique detected" sub-violation setting.

Behavior Change

Guides & references

K10134038: F5 Bug Tracker Filter Names and Tips