Last Modified: Nov 07, 2022
Affected Product(s):
BIG-IP FPS
Known Affected Versions:
13.1.0, 13.1.0.1, 13.1.0.2, 13.1.0.3
Fixed In:
14.0.0, 13.1.0.4
Opened: Feb 06, 2018 Severity: 3-Major
A false positive "no strong integrity param" is sent when none of the configured data-integrity parameters are present in the request.
A false positive "no strong integrity param" alert is sent.
1. a protected URL has at least one parameter configured with data0integrity check enabled 2. enhanced data manipulation is enabled 3. a request without any of the data-integrity parameters is sent to the protected URL
There is no workaround at this time.
"No strong integrity param" alert should be suppressed in case that none of the data-integrity parameters were sent. In case that forcing all data-integrity parameters was enabled (tmsh modify sys db antifraud.autotransactions.parameternameintegrity value enable) - the alert will be sent.
