Bug ID 584840: The "Maximum Line Length" violation is not detected in the last line of a websocket frame.

Last Modified: Apr 19, 2021

Bug Tracker

Affected Product:  See more info
BIG-IP ASM(all modules)

Known Affected Versions:
12.1.0, 12.1.0 HF1, 12.1.0 HF2, 12.1.1, 12.1.1 HF1, 12.1.1 HF2, 12.1.2, 12.1.2 HF1, 12.1.2 HF2, 12.1.3, 12.1.3.1, 12.1.3.2, 12.1.3.3, 12.1.3.4, 12.1.3.5, 12.1.3.6, 12.1.3.7, 12.1.4, 12.1.4.1, 12.1.5, 12.1.5.1, 12.1.5.2, 12.1.5.3, 12.1.6

Fixed In:
13.0.0

Opened: Apr 01, 2016
Severity: 2-Critical

Symptoms

The "Maximum Line Length" setting of the plain text profile does not inspect the last line sent in a web socket. This is true even if only a single line of text is sent to the web socket.

Impact

If a max-length violation occurs on the last line of text, ASM will not flag the violation.

Conditions

Plain text profile used, with Maximum Line Length set

Workaround

None

Fix Information

ASM now performs validation the length of all lines in a web socket when Maximum Line Length is specified in the profile.

Behavior Change

Have a question?

About F5

Education

F5 sites

Support Tasks

© F5 Networks, Inc. All rights reserved. Policies | Privacy | Trademarks