Bug ID 738864: javascript functions in href are learned from response as new URLs

Last Modified: Jan 29, 2019

Bug Tracker

Affected Product:  See more info
BIG-IP ASM(all modules)

Known Affected Versions:
13.1.0, 13.1.0.1, 13.1.0.2, 13.1.0.3, 13.1.0.4, 13.1.0.5, 13.1.0.6, 13.1.0.7, 13.1.0.8, 13.1.1, 13.1.1.1, 13.1.1.2, 13.1.1.3, 14.0.0, 14.0.0.1, 14.0.0.2, 14.0.0.3, 14.0.0.4

Fixed In:
14.1.0, 13.1.1.4

Opened: Jul 31, 2018
Severity: 3-Major

Symptoms

New urls representing javascript functions are learned from response.

Impact

Wrong URLs are created and added to the policy (not really interfering with enforcement but adds redundant noise to the policy)

Conditions

Learn from response is turned on and URLs learning set to 'Always'

Workaround

Either: - Change URL learning from 'Always' to any of the other learning options (Compact \ Selective \ Never). - Disable learn from response

Fix Information

javacript functions are no longer learned from responses as new URLs.

Behavior Change