Bug ID 749109: CSRF situation on BIGIP-ASM GUI

Last Modified: Nov 07, 2022


Affected Product:
BIG-IP ASM (all modules)

Known Affected Versions:
13.0.0, 13.0.0 HF1, 13.0.0 HF2, 13.0.0 HF3, 13.0.1, 13.1.0, 13.1.1, 14.0.0, 14.1.0

Fixed In:

Opened: Nov 07, 2018
Severity: 3-Major


A CSRF condition in the BIG-IP ASM GUI might lead to resource exhaustion on the device while the forged requests are being run.


Once multiple requests are sent to the target GUI, the httpd process can be seen spiking, even on core 0 (VMware).


The following URL accepts a wildcard in the parameter id, making it a heavy URL: https://BIG-IP/dms/policy/pl_negsig.php?id=*



Fix Information

If the query string parameter has a string value, the query is not executed.
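
A log check for the heavy URL described above, flagging requests whose id is not a plain integer and grouping them into bursts. This is an added example, not F5 code; it assumes the GUI's httpd access log is in Apache combined format, and the host names, addresses and log lines are constructed.

```python
import re
from collections import Counter
from urllib.parse import urlsplit, parse_qs

HEAVY_PATH = "/dms/policy/pl_negsig.php"  # path taken from the bug report
# Assumption: Apache combined log format (client, ident, user, time, request, ...).
LOG_RE = re.compile(
    r'(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "\S+ (?P<target>\S+) [^"]*" '
    r'\d{3} \S+ "(?P<referer>[^"]*)" "[^"]*"'
)

# Constructed sample lines; bigip.example stands in for the management GUI host.
SAMPLE_LOG = [
    '192.0.2.10 - admin [07/Nov/2018:10:15:01 +0000] "GET /dms/policy/pl_negsig.php?id=12 HTTP/1.1" 200 5120 "https://bigip.example/" "Mozilla/5.0"',
    '192.0.2.10 - admin [07/Nov/2018:10:15:02 +0000] "GET /dms/policy/pl_negsig.php?id=* HTTP/1.1" 200 90311 "https://intranet.example/page" "Mozilla/5.0"',
    '192.0.2.10 - admin [07/Nov/2018:10:15:02 +0000] "GET /dms/policy/pl_negsig.php?id=* HTTP/1.1" 200 90311 "https://intranet.example/page" "Mozilla/5.0"',
    '192.0.2.10 - admin [07/Nov/2018:10:15:03 +0000] "GET /dms/policy/pl_negsig.php?id=%2A HTTP/1.1" 200 90311 "https://intranet.example/page" "Mozilla/5.0"',
    '192.0.2.77 - admin [07/Nov/2018:10:16:10 +0000] "GET /dms/policy/pl_negsig.php?id=abc HTTP/1.1" 200 310 "-" "Mozilla/5.0"',
]

def suspicious_requests(lines, gui_host):
    """Return hits on the heavy URL whose id parameter is not a plain integer."""
    hits = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue
        url = urlsplit(m["target"])
        if url.path != HEAVY_PATH:
            continue
        ids = parse_qs(url.query, keep_blank_values=True).get("id", [])
        if all(v.isascii() and v.isdigit() for v in ids):
            continue  # no id at all, or a numeric id: the normal case
        ref_host = urlsplit(m["referer"]).hostname
        hits.append({
            "ip": m["ip"], "minute": m["ts"][:17], "id": ids,
            # A Referer from a host other than the GUI is consistent with CSRF.
            "cross_site": ref_host is not None and ref_host != gui_host,
        })
    return hits

def bursts(hits, threshold=3):
    """Count hits per (client, minute) and keep groups at or above threshold."""
    counts = Counter((h["ip"], h["minute"]) for h in hits)
    return {key: n for key, n in counts.items() if n >= threshold}
```

Because a forged request rides the administrator's browser session, the client address on a hit is the administrator's workstation, so the cross-site Referer and the burst count are the useful signals.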

Behavior Change