BugZero | F5 BugID 1096477 - Parameter set as non-Base64 encoded value is treat...

F5 - Defect ID: 1096477

Parameter set as non-Base64 encoded value is treated as a Base64 encoded value

F5 - Defect ID: 1096477

Parameter set as non-Base64 encoded value is treated as a Base64 encoded value

Last updated on 5/29/2024

Overall: 8.48.4

Severity: 9.19.1

Community: 4.14.1

Lifecycle: 7.97.9

What is the BugZero Risk Score?

Vendor details

Priority: 2-Critical
Status: Verified
Impact Category: Application Security Manager

Overall: 8.48.4

Severity: 9.19.1

Community: 4.14.1

Lifecycle: 7.97.9

What is the BugZero Risk Score?

Vendor details

Priority: 2-Critical
Status: Verified
Impact Category: Application Security Manager

Symptoms

URL parameters that are configured as 'Base64 Decoding' false are still treated as Base64 Encoded values. This leads to reading incorrect parameter values.

Impact

A request gets blocked with an attack signature detected, when it should not be. Negative signature check gets skipped or generates false alarms.

Conditions

Create a parameter, not staged with user-input, alpha-numeric, Base64 values set to False.

Workaround

None

Fix Information

The system now check to determine whether Base64 is set for the parameter before decoding it.

Original Vendor Announcement

No bugs this month

Ready to prevent the next vendor outage?

Get a demo

OPERATIONAL DEFECT DATABASE

F5 - Defect ID: 1096477

Parameter set as non-Base64 encoded value is treated as a Base64 encoded value

F5 - Defect ID: 1096477

Parameter set as non-Base64 encoded value is treated as a Base64 encoded value

Last updated on 5/29/2024

Vendor details

Vendor details

Description

Symptoms

Impact

Conditions

Workaround

Fix Information

Links

Top F5 defects by risk score

Ready to prevent the next vendor outage?