Last Modified: Dec 07, 2023
Affected Product(s):
BIG-IP ASM
Opened: Apr 16, 2015 Severity: 3-Major
In an ASM enabled manual sync group that uses XML Profiles to enforce XML schema, data inconsistencies can be introduced after a sync is pushed to an active device which can cause false positives.
In some cases a data inconsistency is introduced for the XML schema lookup, which causes a false malformed data violation, blocking legal traffic
1) ASM Sync is used in a manual sync group 2) XML Profiles are used that validate schema (xsd or wsdl) are used, and the XML malformed data violation is enabled. 3) Changes are made to the XML Profiles and/or new policies are added with new schema. 4) The ASM configuration is pushed to a device.
Restarting ASM will resolve the inconsistency. The violation can be disabled until ASM can be restarted.
None