Last Modified: Apr 28, 2025
Affected Product(s):
BIG-IP ASM
Known Affected Versions:
12.1.0, 12.1.0 HF1, 12.1.0 HF2, 12.1.1, 12.1.1 HF1, 12.1.1 HF2, 12.1.2, 12.1.2 HF1, 12.1.2 HF2, 12.1.3, 12.1.3.1, 12.1.3.2, 12.1.3.3, 12.1.3.4, 12.1.3.5, 12.1.3.6, 12.1.3.7, 12.1.4, 12.1.4.1, 12.1.5, 12.1.5.1, 12.1.5.2, 12.1.5.3, 12.1.6
Fixed In:
13.0.0
Opened: Apr 01, 2016 Severity: 2-Critical
The "Maximum Line Length" setting of the plain text profile does not inspect the last line sent in a web socket. This is true even if only a single line of text is sent to the web socket.
If a max-length violation occurs on the last line of text, ASM will not flag the violation.
Plain text profile used, with Maximum Line Length set
None
ASM now performs validation the length of all lines in a web socket when Maximum Line Length is specified in the profile.