Bug ID 706771: FPS ajax-mapping property may be set even when it should be blocked

Last Modified: Nov 07, 2022

Affected Product(s):
BIG-IP FPS(all modules)

Known Affected Versions:
13.1.0, 13.1.0.1, 13.1.0.2, 13.1.0.3, 13.1.0.4, 13.1.0.5

Fixed In:
14.0.0, 13.1.0.6

Opened: Feb 15, 2018

Severity: 3-Major

Symptoms

Ajax mapping may be set only when 1) ajax-encryption is enabled OR 2) ajax-integrity AND strong-integrity are enabled. The bug allows to set ajax-mapping even for the following (invalid) configuration: ajax-encryption: disabled ajax-integrity: enabled strong-integrity: disabled

Impact

System will set the ajax-mapping field when it should have been blocked.

Conditions

1) ajax-encryption: disabled ajax-integrity: enabled strong-integrity: disabled 2) non-empty ajax-mapping

Workaround

There is no workaround at this time.

Fix Information

FPS should block ajax-mapping configuration when the pre-conditions weren't met.

Behavior Change

Guides & references

K10134038: F5 Bug Tracker Filter Names and Tips

Have a question?

About F5

Education

F5 sites

Support Tasks

© F5, Inc. All rights reserved. Policies | Privacy | Trademarks