Bug ID 903313: OWASP page: File Types score in Broken Access Control category is always 0.

Last Modified: Feb 07, 2024

Affected Product(s):
BIG-IP ASM(all modules)

Fixed In:
17.0.0, 16.1.4

Opened: Apr 23, 2020

Severity: 3-Major


Under Broken Access Control category, the contribution of Disallowed File Types seems to be 0 no matter what is the number of Disallowed File Types in policy. As a result, it is not possible to reach full compliance.


For any OWASP configurable policy (i.e. not parent or child policy), the policy cannot reach the maximum score for Broken Access Control category


Security Policy is configured. Not Applicable for parent or child policy.



Fix Information


Behavior Change

Guides & references

K10134038: F5 Bug Tracker Filter Names and Tips