Last Modified: Apr 28, 2025
Affected Product(s):
BIG-IP TMOS
Known Affected Versions:
11.6.0, 11.6.0 HF1, 11.6.0 HF2, 11.6.0 HF3, 11.6.0 HF4, 11.6.0 HF5, 11.6.0 HF6, 11.6.0 HF7, 11.6.0 HF8, 11.6.1, 11.6.1 HF1, 11.6.1 HF2, 11.6.2, 11.6.2 HF1, 11.6.3, 11.6.3.1, 11.6.3.2, 11.6.3.3, 11.6.3.4, 11.6.4, 11.6.5, 11.6.5.1, 11.6.5.2, 11.6.5.3
Fixed In:
12.1.0
Opened: Jul 22, 2015 Severity: 3-Major
The new --exclude expected a hex value that was a boolean OR of the desired exclusions: (0x1 for audit, 0x2 for secure, 0x4 for bash_history) requiring users to do boolean arithmetic to combine options (e.g., for both audit and secure, the user has to calculate 0x1 | 0x2 and give 0x3).
Usability is improved and self-documents what the user intended (--exclude=audit vs --exclude=0x1). Avoids having the user to do boolean arithmetic. Although simple now, should more options become available, it could get difficult to calculate the exact boolean value desired.
No other options were available, the appropriate hex value had to be supplied and the meaning of the hex value needed to be figured out.
Use the hex value instead of supplying the matching words.
The fix allows the user to input a list of the exclusions with words: --exclude="audit,secure" and the words are then parsed by the program and converted to the boolean equivalent (same as --exclude 0x3).