Bug ID 738864: javascript functions in href are learned from response as new URLs

Last Modified: Jul 12, 2023

Affected Product(s):
BIG-IP ASM(all modules)

Known Affected Versions:
13.1.0, 13.1.0.1, 13.1.0.2, 13.1.0.3, 13.1.0.4, 13.1.0.5, 13.1.0.6, 13.1.0.7, 13.1.0.8, 13.1.1, 13.1.1.2, 13.1.1.3, 14.0.0, 14.0.0.1, 14.0.0.2, 14.0.0.3, 14.0.0.4

Fixed In:
14.1.0, 14.0.0.5, 13.1.1.4

Opened: Jul 31, 2018

Severity: 3-Major

Symptoms

New urls representing javascript functions are learned from response.

Impact

Wrong URLs are created and added to the policy (not really interfering with enforcement but adds redundant noise to the policy)

Conditions

Learn from response is turned on and URLs learning set to 'Always'

Workaround

Either: - Change URL learning from 'Always' to any of the other learning options (Compact \ Selective \ Never). - Disable learn from response

Fix Information

javacript functions are no longer learned from responses as new URLs.

Behavior Change

Guides & references

K10134038: F5 Bug Tracker Filter Names and Tips