Last Modified: Sep 13, 2023
Affected Product(s):
BIG-IP LTM
Known Affected Versions:
11.2.1, 11.4.1, 11.5.4, 11.5.5, 11.5.6, 11.6.1, 11.6.2, 11.6.3, 11.6.3.1, 11.6.3.2, 12.0.0, 12.0.0 HF1, 12.1.0 HF1, 12.0.0 HF2, 12.1.0 HF2, 12.0.0 HF3, 12.0.0 HF4, 12.1.1 HF1, 12.1.1 HF2, 12.1.2 HF1, 12.1.2 HF2, 12.1.0, 12.1.1, 12.1.2, 13.0.0
Fixed In:
13.1.0, 13.0.0 HF1, 12.1.3, 11.6.3.3, 11.5.7
Opened: Jul 08, 2016 Severity: 3-Major
HTTP URI path policy does not match when request-URI starts with "//".
The policy does not match in this case.
Policy unable to catch request when HTTP URI path configured to match value anywhere in path or in initial path segment when the request-URI starts with "//".
The policy could be modified to scan the full URI instead of just the path element however care should be taken to correctly handle potential matches with absolute URIs or in the query string.
None