Last Modified: Nov 07, 2022
Affected Product(s):
BIG-IP ASM
Known Affected Versions:
11.4.0, 11.4.1, 11.5.1, 11.5.1 HF1, 11.5.1 HF10, 11.5.1 HF11, 11.5.1 HF2, 11.5.1 HF3, 11.5.1 HF4, 11.5.1 HF5, 11.5.1 HF6, 11.5.1 HF7, 11.5.1 HF8, 11.5.1 HF9, 11.5.10, 11.5.2, 11.5.2 HF1, 11.5.3, 11.5.3 HF1, 11.5.3 HF2, 11.5.4, 11.5.4 HF1, 11.5.4 HF2, 11.5.4 HF3, 11.5.4 HF4, 11.6.0, 11.6.0 HF1, 11.6.0 HF2, 11.6.0 HF3, 11.6.0 HF4, 11.6.0 HF5, 11.6.0 HF6, 11.6.0 HF7, 11.6.0 HF8, 11.6.1, 11.6.1 HF1, 11.6.1 HF2, 11.6.2, 11.6.2 HF1, 11.6.3, 11.6.3.1, 11.6.3.2, 11.6.3.3, 11.6.3.4, 11.6.4, 11.6.5, 11.6.5.1, 11.6.5.2, 11.6.5.3
Fixed In:
12.0.0, 11.5.5
Opened: Apr 26, 2015 Severity: 3-Major
Signature set may contain signatures which are not supposed to be part of the set.
Requests may get blocked due to attack signatures which are actually not supposed to be in the policy.
Corrupted manual user-defined signature sets can no longer be created after the fix for Bug 441075. However, pre-existing corrupted manual sets will not be corrected by roll-forward/upgrade from a version prior to the fix.
As a workaround, to prevent signatures from being added to these Signature Sets in the future, use the following SQL: ---------------------------------------------------------------------- DELETE FROM PLC.NEGSIG_SET_FILTERS where set_id in (SELECT set_id FROM PLC.NEGSIG_SETS where flg_is_manual = 1) ---------------------------------------------------------------------- Alternatively, delete the affected Signature Set and re-create as manual.
Pre-existing, corrupted, user-defined (manual) signature sets are now corrected after upgrading from an older version.