Bug ID 481530: Signature reporting details for sensitive data violation

Last Modified: Nov 07, 2022

Bug Tracker

Affected Product:  See more info
BIG-IP ASM(all modules)

Known Affected Versions:
11.6.0, 11.6.0 HF1, 11.6.0 HF2, 11.6.0 HF3, 11.6.0 HF4, 11.6.0 HF5, 11.6.0 HF6, 11.6.0 HF7, 11.6.0 HF8

Fixed In:
12.0.0, 11.6.1

Opened: Sep 29, 2014
Severity: 3-Major
Related Article:


ASM blocks some requests that match signatures of the 'XPath Injection' attack type, but specific details regarding the violations are not visible for the affected requests as the signatures match sensitive parameters.


You cannot view or learn about violations in the GUI for signatures that match on sensitive parameters.


Request with sensitive data, a signature match inside the sensitive data.


Suggestions of how to acquire the sig id: 1. Attach a custom remote logger that includes the violation details field and the support id. Note: You can configure only these two. 2. Turn on the ATTACK_SIG logger module for the bd.log and grep for 'Matched SIGID:' messages. 3. Remove the sensitive configuration. Note: This might not work for your environment.

Fix Information

Signature names that are matched inside sensitive data are now shown in the violation details in the Configuration utility.

Behavior Change