Last Modified: Apr 28, 2025
Affected Product(s):
BIG-IP AAM
Known Affected Versions:
10.2.4, 11.6.0, 11.6.0 HF1, 11.6.0 HF2, 11.6.0 HF3, 11.6.0 HF4, 11.6.0 HF5, 11.6.0 HF6, 11.6.0 HF7, 11.6.0 HF8, 11.6.1, 11.6.1 HF1, 11.6.1 HF2, 11.6.2, 11.6.2 HF1, 11.6.3, 11.6.3.1, 11.6.3.2, 11.6.3.3, 11.6.3.4, 11.6.4, 11.6.5, 11.6.5.1, 11.6.5.2, 11.6.5.3
Opened: Apr 30, 2015 Severity: 3-Major Related Article:
K16552
10.x WAM policy editor allows the input of special characters on value fields, for example, the accented 'e' character.
WAM does not handle special character matching. For example, WAM does not decode the URI sent by the browser from 'r%C3%A9sum%C3%A9' to the accented word resume).
Using special (non-ASCII) characters.
Do not input special characters in the value text field. Always use the UTF-8 encoding as browsers do (% and hexadecimal). For example, in the value text field, input 'r%C3%A9sum%C3%A9' for the accented word 'resume'.
None