Bug ID 632344: POP DIRECTIONAL FORMATTING causes false positive

Last Modified: Sep 13, 2023

Affected Product(s):
BIG-IP ASM(all modules)

Known Affected Versions:
13.0.0, 13.0.0 HF1, 13.0.0 HF2, 13.0.0 HF3, 13.0.1

Fixed In:
13.1.0, 12.1.2 HF1

Opened: Dec 07, 2016

Severity: 3-Major

Related Article: K24114230

Symptoms

ASM reports false positive violation for the XML request.

Impact

When one of the following 3 byte chars arrives to the XML parser, the payload considered as malformed XML: LEFT-TO-RIGHT EMBEDDING (202a). RIGHT-TO-LEFT EMBEDDING (202b). POP DIRECTIONAL FORMATTING(202c).

Conditions

This occurs when using "%E2%80%AC" POP DIRECTIONAL FORMATTING as a input in the XML request.

Workaround

None.

Fix Information

This release now supports the following 3 byte chars within the XML parser: LEFT-TO-RIGHT EMBEDDING (202a). RIGHT-TO-LEFT EMBEDDING (202b). POP DIRECTIONAL FORMATTING(202c).

Behavior Change

Guides & references

K10134038: F5 Bug Tracker Filter Names and Tips