Bug ID 706771: FPS ajax-mapping property may be set even when it should be blocked

Last Modified: Sep 13, 2023

Affected Product(s):
BIG-IP FPS(all modules)

Fixed In:
14.0.0, 13.1.0.6

Opened: Feb 15, 2018

Severity: 3-Major

Symptoms

Ajax mapping may be set only when 1) ajax-encryption is enabled OR 2) ajax-integrity AND strong-integrity are enabled. The bug allows to set ajax-mapping even for the following (invalid) configuration: ajax-encryption: disabled ajax-integrity: enabled strong-integrity: disabled

Impact

System will set the ajax-mapping field when it should have been blocked.

Conditions

1) ajax-encryption: disabled ajax-integrity: enabled strong-integrity: disabled 2) non-empty ajax-mapping

Workaround

There is no workaround at this time.

Fix Information

FPS should block ajax-mapping configuration when the pre-conditions weren't met.

Behavior Change

Guides & references

K10134038: F5 Bug Tracker Filter Names and Tips