Bug ID 584840: The "Maximum Line Length" violation is not detected in the last line of a websocket frame.

Last Modified: Sep 13, 2023

Affected Product(s):
BIG-IP ASM(all modules)

Known Affected Versions:
12.1.0, 12.1.1, 12.1.2, 12.1.3, 12.1.3.1, 12.1.3.2, 12.1.3.3, 12.1.3.4, 12.1.3.5, 12.1.3.6, 12.1.3.7, 12.1.4, 12.1.4.1, 12.1.5, 12.1.5.1, 12.1.5.2, 12.1.5.3, 12.1.6

Fixed In:
13.0.0

Opened: Apr 01, 2016

Severity: 2-Critical

Symptoms

The "Maximum Line Length" setting of the plain text profile does not inspect the last line sent in a web socket. This is true even if only a single line of text is sent to the web socket.

Impact

If a max-length violation occurs on the last line of text, ASM will not flag the violation.

Conditions

Plain text profile used, with Maximum Line Length set

Workaround

None

Fix Information

ASM now performs validation the length of all lines in a web socket when Maximum Line Length is specified in the profile.

Behavior Change

Guides & references

K10134038: F5 Bug Tracker Filter Names and Tips