Last Modified: Nov 07, 2022
Affected Product(s):
BIG-IP ASM
Known Affected Versions:
11.5.1, 11.5.1 HF1, 11.5.1 HF10, 11.5.1 HF11, 11.5.1 HF2, 11.5.1 HF3, 11.5.1 HF4, 11.5.1 HF5, 11.5.1 HF6, 11.5.1 HF7, 11.5.1 HF8, 11.5.1 HF9, 11.5.10, 11.5.2, 11.5.2 HF1, 11.5.3, 11.5.3 HF1, 11.5.3 HF2, 11.5.4, 11.5.4 HF1, 11.5.4 HF2, 11.5.4 HF3, 11.5.4 HF4, 11.5.5, 11.5.6, 11.5.7, 11.5.8, 11.5.9, 11.6.0, 11.6.0 HF1, 11.6.0 HF2, 11.6.0 HF3, 11.6.0 HF4, 11.6.0 HF5, 11.6.0 HF6, 11.6.0 HF7, 11.6.0 HF8
Fixed In:
12.0.0, 11.6.1
Opened: Apr 30, 2015 Severity: 3-Major
Default entities (File types, Parameters, URLs, Cookies, Signatures, Redirection Domains and Brute Force Log-In URLs) are added to the policy upon XML policy import.
XML policy import adds default entities if the relevant element list (in policy XML doc) is specified and empty.
ASM policy with entities of some type (File types, Parameters, URLs, Cookies, Signatures, Redirection Domains and Brute Force Log-In URLs) deleted (all entities of that type). Export it to XML and then import that XML back - the default entities are added.
The relevant element list (in the policy XML doc), that is specified and empty, should be completely removed (from the policy XML doc).
ASM no longer adds default entities if the relevant element list (in the policy XML document) is specified and empty.