Last Modified: Apr 17, 2024
Affected Product(s):
BIG-IP ASM
Known Affected Versions:
15.0.0, 15.0.1, 15.0.1.1, 15.0.1.2, 15.0.1.3, 15.0.1.4, 15.1.0, 15.1.0.1, 15.1.0.2, 15.1.0.3, 15.1.0.4, 15.1.0.5, 15.1.1, 15.1.2, 15.1.2.1, 15.1.3, 15.1.3.1, 15.1.4, 15.1.4.1, 15.1.5, 15.1.5.1, 15.1.6, 15.1.6.1, 15.1.7, 15.1.8, 15.1.8.1, 15.1.8.2, 15.1.9, 15.1.9.1, 15.1.10, 15.1.10.2, 15.1.10.3, 15.1.10.4
Opened: Apr 19, 2019 Severity: 3-Major
When upgrading from a version to v15.1.0 or later, the system might report 'Illegal entry point' and 'Illegal flow to URL' messages.
False-positive violations.
1. Upgrading from a version prior to v15.1.0 to a v15.1.0 or higher. 2. The policy contains flows, and illegal flow and illegal entry point are configured.
You can use either of the following workarounds: -- Turn off blocking from the illegal flows violations before upgrading. Then wait for some time until the violation alarms no longer appear. -- Use an iRule that unblocks these violations and deletes the ASM cookies when that happens.
None