Bug ID 706771: FPS ajax-mapping property may be set even when it should be blocked

Last Modified: May 14, 2019

Bug Tracker

Affected Product:  See more info
BIG-IP FPS(all modules)

Known Affected Versions:
13.1.0, 13.1.0.1, 13.1.0.2, 13.1.0.3, 13.1.0.4, 13.1.0.5

Fixed In:
14.0.0, 13.1.0.6

Opened: Feb 15, 2018
Severity: 3-Major

Symptoms

Ajax mapping may be set only when 1) ajax-encryption is enabled OR 2) ajax-integrity AND strong-integrity are enabled. The bug allows to set ajax-mapping even for the following (invalid) configuration: ajax-encryption: disabled ajax-integrity: enabled strong-integrity: disabled

Impact

System will set the ajax-mapping field when it should have been blocked.

Conditions

1) ajax-encryption: disabled ajax-integrity: enabled strong-integrity: disabled 2) non-empty ajax-mapping

Workaround

There is no workaround at this time.

Fix Information

FPS should block ajax-mapping configuration when the pre-conditions weren't met.

Behavior Change