Bug ID 471766: Number of decoding passes configuration

Last Modified: Nov 05, 2018

Affected Product:
BIG-IP ASM (all modules)

Known Affected Versions:
11.5.1, 11.5.1 HF1, 11.5.1 HF10, 11.5.1 HF11, 11.5.1 HF2, 11.5.1 HF3, 11.5.1 HF4, 11.5.1 HF5, 11.5.1 HF6, 11.5.1 HF7, 11.5.1 HF8, 11.5.1 HF9, 11.5.2, 11.5.2 HF1, 11.5.3, 11.5.3 HF1, 11.5.3 HF2, 11.6.0, 11.6.0 HF1, 11.6.0 HF2, 11.6.0 HF3, 11.6.0 HF4, 11.6.0 HF5, 11.6.0 HF6, 11.6.0 HF7, 11.6.0 HF8, 11.6.1, 11.6.1 HF1

Fixed In:
12.0.0, 11.6.1 HF2, 11.5.4

Opened: Jul 15, 2014
Severity: 4-Minor

Symptoms

The number of decoding passes selected in the "Evasion technique detected" sub-violation setting applies to URI and parameter input. However, this setting does not affect the number of decoding passes that the system performs on headers, which is always two.

Impact

A false positive violation is issued.

Conditions

Headers may legally have two or more levels of percent decoding.

Workaround

None

Fix Information

The number of decoding passes for headers is now taken from the "Evasion technique detected" sub-violation setting.
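
A simplified model of the behavior described in this report, added here as an illustration; it is not F5 code. The function names, the sample value, and the rule that input is flagged when it is still percent-encoded after the allowed number of passes are assumptions.

```python
from urllib.parse import unquote

# Per the bug report: before the fix, headers always got two decoding passes.
HEADER_PASSES_BEFORE_FIX = 2


def encoding_depth(value: str, limit: int = 10) -> int:
    """Count how many percent-decoding passes still change the value (capped)."""
    depth = 0
    while depth < limit:
        decoded = unquote(value)
        if decoded == value:  # stable: nothing left to decode
            break
        value = decoded
        depth += 1
    return depth


def multiple_decoding_violation(value: str, allowed_passes: int) -> bool:
    """Assumed rule: flag input that needs more passes than allowed."""
    return encoding_depth(value, allowed_passes + 1) > allowed_passes


def check_request(param: str, header: str, configured_passes: int, fixed: bool) -> dict:
    """Apply the configured limit to parameters; headers follow it only when fixed."""
    header_passes = configured_passes if fixed else HEADER_PASSES_BEFORE_FIX
    return {
        "parameter": multiple_decoding_violation(param, configured_passes),
        "header": multiple_decoding_violation(header, header_passes),
    }


# Constructed sample: a value that legitimately carries three encoding levels.
SAMPLE = "/cb?u=%25252Fhome"

if __name__ == "__main__":
    for fixed in (False, True):
        print("fixed" if fixed else "affected", check_request(SAMPLE, SAMPLE, 3, fixed))
```

With the setting at three passes, the same value is accepted as a parameter but flagged as a header on an affected version, which is the false positive described under Impact.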

Behavior Change