Bug ID 888285: Sensitive positional parameter not masked in 'Referer' header value

Last Modified: Nov 07, 2022

Bug Tracker

Affected Product:  See more info
BIG-IP ASM(all modules)

Known Affected Versions:
14.1.0, 14.1.0.1, 14.1.0.2, 14.1.0.3, 14.1.0.5, 14.1.0.6, 14.1.2, 14.1.2.1, 14.1.2.2, 14.1.2.3, 14.1.2.4, 14.1.2.5, 14.1.2.6, 14.1.2.7, 15.1.0, 15.1.0.1, 15.1.0.2, 15.1.0.3, 15.1.0.4, 15.1.0.5

Fixed In:
16.0.0, 15.1.1, 14.1.2.8

Opened: Mar 08, 2020
Severity: 3-Major
Related Article: K18304067

Symptoms

When the URI and 'Referer' header share the same positional parameter, the 'Referer' positional parameter is not masked in logs.

Impact

'Referer' header positional parameter value is not masked in logs.

Conditions

Sending a request with positional parameter in URI and 'Referer' header.

Workaround

None.

Fix Information

'Referer' positional parameter value is masked as expected.

Behavior Change

Have a question?

About F5

Education

F5 sites

Support Tasks

© F5, Inc. All rights reserved. Policies | Privacy | Trademarks