Last Modified: Nov 07, 2022
Affected Product(s):
BIG-IP FPS
Known Affected Versions:
13.1.0, 13.1.0.1, 13.1.0.2, 13.1.0.3, 13.1.0.4, 13.1.0.5
Fixed In:
14.0.0, 13.1.0.6
Opened: Feb 15, 2018
Severity: 3-Major
Ajax mapping may be set only when 1) ajax-encryption is enabled OR 2) ajax-integrity AND strong-integrity are both enabled. The bug allows ajax-mapping to be set even for the following (invalid) configuration:
ajax-encryption: disabled
ajax-integrity: enabled
strong-integrity: disabled
The system sets the ajax-mapping field when the change should have been blocked.
1) ajax-encryption: disabled, ajax-integrity: enabled, strong-integrity: disabled
2) non-empty ajax-mapping
There is no workaround at this time.
FPS should block ajax-mapping configuration when the preconditions are not met.