Last Modified: Apr 28, 2025
Affected Product(s):
BIG-IP ASM
Known Affected Versions:
12.1.1, 12.1.1 HF1, 12.1.1 HF2, 12.1.2, 13.0.0, 13.0.0 HF1, 13.0.0 HF2, 13.0.0 HF3, 13.0.1
Fixed In:
13.1.0, 12.1.2 HF1
Opened: Dec 07, 2016 Severity: 3-Major Related Article:
K24114230
ASM reports false positive violation for the XML request.
When one of the following 3 byte chars arrives to the XML parser, the payload considered as malformed XML: LEFT-TO-RIGHT EMBEDDING (202a). RIGHT-TO-LEFT EMBEDDING (202b). POP DIRECTIONAL FORMATTING(202c).
This occurs when using "%E2%80%AC" POP DIRECTIONAL FORMATTING as a input in the XML request.
None.
This release now supports the following 3 byte chars within the XML parser: LEFT-TO-RIGHT EMBEDDING (202a). RIGHT-TO-LEFT EMBEDDING (202b). POP DIRECTIONAL FORMATTING(202c).