Bug ID 903313: OWASP page: File Types score in Broken Access Control category is always 0.

Last Modified: May 29, 2024

Affected Product(s):
BIG-IP ASM (all modules)

Fixed In:
17.0.0, 16.1.4

Opened: Apr 23, 2020

Severity: 3-Major

Symptoms

Under the Broken Access Control category, the contribution of Disallowed File Types seems to be 0 regardless of the number of Disallowed File Types in the policy. As a result, it is not possible to reach full compliance.

Impact

For any OWASP configurable policy (i.e., not a parent or child policy), the policy cannot reach the maximum score for the Broken Access Control category.

Conditions

A security policy is configured. Not applicable to parent or child policies.

Workaround

None

Fix Information

None

Behavior Change
