Bug ID 898825: Attack signatures are enforced on excluded headers under some conditions

Last Modified: Oct 06, 2020

Bug Tracker

Affected Product:  See more info
BIG-IP ASM(all modules)

Known Affected Versions:
14.1.0, 14.1.0.1, 14.1.0.2, 14.1.0.3, 14.1.0.5, 14.1.0.6, 14.1.2, 14.1.2.1, 14.1.2.2, 14.1.2.3, 14.1.2.4, 14.1.2.5, 14.1.2.6

Fixed In:
14.1.2.7

Opened: Apr 14, 2020
Severity: 3-Major

Symptoms

Attack signatures are marked as detected when they should be marked as excluded (i.e., a false positive).

Impact

False positive enforcement for header signature.

Conditions

-- A 100-continue transaction occurs in HTTP. -- The internal parameter answer_100_continue is set to a non-default value of 0.

Workaround

Set the answer_100_continue to 1 (default) on versions later than 15.0.0.

Fix Information

None

Behavior Change