Last Modified: Oct 06, 2020
See more info
Known Affected Versions:
11.6.0, 11.6.0 HF1, 11.6.0 HF2, 11.6.0 HF3, 11.6.0 HF4, 11.6.0 HF5, 11.6.0 HF6, 11.6.0 HF7, 11.6.0 HF8
Opened: Sep 29, 2014
Related AskF5 Article: K86019555
ASM blocks some requests that match signatures of the 'XPath Injection' attack type, but specific details regarding the violations are not visible for the affected requests as the signatures match sensitive parameters.
You cannot view or learn about violations in the GUI for signatures that match on sensitive parameters.
Request with sensitive data, a signature match inside the sensitive data.
Suggestions of how to acquire the sig id: 1. Attach a custom remote logger that includes the violation details field and the support id. Note: You can configure only these two. 2. Turn on the ATTACK_SIG logger module for the bd.log and grep for 'Matched SIGID:' messages. 3. Remove the sensitive configuration. Note: This might not work for your environment.
Signature names that are matched inside sensitive data are now shown in the violation details in the Configuration utility.