Bug ID 888285: Sensitive positional parameter not masked in 'Referer' header value

Last Modified: Oct 29, 2020

Bug Tracker

Affected Product:  See more info
BIG-IP ASM(all modules)

Known Affected Versions:
14.1.0, 14.1.0.1, 14.1.0.2, 14.1.0.3, 14.1.0.5, 14.1.0.6, 14.1.2, 14.1.2.1, 14.1.2.2, 14.1.2.3, 14.1.2.4, 14.1.2.5, 14.1.2.6, 14.1.2.7, 15.1.0, 15.1.0.1, 15.1.0.2, 15.1.0.3, 15.1.0.4, 15.1.0.5

Fixed In:
16.0.0, 15.1.1, 14.1.2.8

Opened: Mar 08, 2020
Severity: 3-Major
Related AskF5 Article:
K18304067

Symptoms

When the URI and 'Referer' header share the same positional parameter, the 'Referer' positional parameter is not masked in logs.

Impact

'Referer' header positional parameter value is not masked in logs.

Conditions

Sending a request with positional parameter in URI and 'Referer' header.

Workaround

None.

Fix Information

'Referer' positional parameter value is masked as expected.

Behavior Change