Bug ID 518428: False Positives in XML Handling

Last Modified: Jan 06, 2020

Bug Tracker

Affected Product:  See more info
BIG-IP ASM(all modules)

Opened: Apr 16, 2015
Severity: 3-Major

Symptoms

In an ASM enabled manual sync group that uses XML Profiles to enforce XML schema, data inconsistencies can be introduced after a sync is pushed to an active device which can cause false positives.

Impact

In some cases a data inconsistency is introduced for the XML schema lookup, which causes a false malformed data violation, blocking legal traffic

Conditions

1) ASM Sync is used in a manual sync group 2) XML Profiles are used that validate schema (xsd or wsdl) are used, and the XML malformed data violation is enabled. 3) Changes are made to the XML Profiles and/or new policies are added with new schema. 4) The ASM configuration is pushed to a device.

Workaround

Restarting ASM will resolve the inconsistency. The violation can be disabled until ASM can be restarted.

Fix Information

None

Behavior Change