Bug ID 767469: Searching ASM Policy Attack Signatures via Rest API can return signatures that are not in the policy

Last Modified: Jan 20, 2023

Bug Tracker

Affected Product:  See more info
BIG-IP ASM(all modules)

Known Affected Versions:
13.1.0, 13.1.0.1, 13.1.0.2, 13.1.0.3, 13.1.0.4, 13.1.0.5, 13.1.0.6, 13.1.0.7, 13.1.0.8, 13.1.1, 13.1.1.2, 13.1.1.3, 13.1.1.4, 13.1.1.5, 13.1.3, 13.1.3.1, 13.1.3.2, 13.1.3.3, 13.1.3.4, 13.1.3.5, 13.1.3.6, 13.1.4, 13.1.4.1, 13.1.5, 13.1.5.1, 14.0.0, 14.0.0.1, 14.0.0.2, 14.0.0.3, 14.0.0.4, 14.0.0.5, 14.0.1, 14.0.1.1, 14.1.0, 14.1.0.1, 14.1.0.2, 14.1.0.3, 14.1.0.5, 14.1.0.6, 14.1.2, 14.1.2.1, 14.1.2.2, 14.1.2.3, 14.1.2.4, 14.1.2.5, 14.1.2.6, 14.1.2.7, 14.1.2.8, 14.1.3, 14.1.3.1, 14.1.4, 14.1.4.1, 14.1.4.2, 14.1.4.3, 14.1.4.4, 14.1.4.5, 14.1.4.6, 14.1.5, 14.1.5.1, 14.1.5.2, 14.1.5.3, 15.0.0, 15.0.1, 15.0.1.1, 15.0.1.2, 15.0.1.3, 15.0.1.4

Fixed In:
15.1.0

Opened: Apr 02, 2019
Severity: 4-Minor

Symptoms

When you make a Rest API call to /mgmt/tm/asm/policies/euMwbEcwgGlvVz1Gb0XZCA/signatures?$select=enabled,performStaging,inPolicy&$filter=signature/attackType/name%20eq%20%27Buffer%20Overflow%27%20, ASM responds with some signatures that are not in the policy.

Impact

Unexpected signatures are returned via the search.

Conditions

Using ASM REST to search for policy attack signatures by an attribute of the signatures themselves. Example: GET /mgmt/tm/asm/policies/euMwbEcwgGlvVz1Gb0XZCA/signatures?$filter=signature/attackType/name%20eq%20%27Buffer%20Overflow%27

Workaround

Add 'inPolicy eq true' to the search filter.

Fix Information

The default filter of 'inPolicy eq true' is now correctly applied when searching for policy signatures by signature attributes.

Behavior Change