BugZero | F5 BugID 1186401 - Using REST API to change policy signature settings...

OPERATIONAL DEFECT DATABASE

...

BugZero | F5 BugID 1186401 - Using REST API to change policy signature settings...

F5 - Defect ID: 1186401

Using REST API to change policy signature settings changes all the signatures.

F5 - Defect ID: 1186401

Using REST API to change policy signature settings changes all the signatures.

Last updated on April 28th, 2025

BugZero Risk Score
6.7 Medium

Overall: 6.7

Severity: 7.3

Community: 4.2

Lifecycle: 7.0

What is the BugZero Risk Score?

F5 Integration

Learn more about where this data comes from

F5 Integration

Learn more

Bug Scrub Advisor

Streamline upgrades with automated vendor bug scrubs

Bug Scrub Advisor

Learn more

BugZero Enterprise

Wish you caught this bug sooner? Get proactive today.

BugZero Enterprise

Learn more

Bug Details

Priority: 3-Major
Status: Verified
Impact Category: Application Security Manager

Description

Symptoms

When you use iControl REST to modify the signatures associated with a policy, the modifications are applied to all the signatures.

Impact

The user was unable to leverage the REST API to make the desired changes to the ASM signature policy.

Conditions

-- Create a policy named 'test' -- Associate a signature set like "SQL Injection Signatures" to the policy For example, remove the "Generic Detection Signatures (High/Medium Accuracy)" set -- Look at the low-risk signatures associated with the policy Commmand: curl -sku admin:admin 'https://localhost/mgmt/tm/asm/policies/MrLpFzRHNarvj_zuAOD0fw/signatures?$expand=signatureReference&$filter=signature/risk+eq+low' | jq . | head -- Turn off staging for these signatures: Commands: curl -sku admin:admin 'https://localhost/mgmt/tm/asm/policies/MrLpFzRHNarvj_zuAOD0fw/signatures?$expand=signatureReference&$filter=signature/risk+eq+low' -d '{ "performStaging": false }' -X PATCH | jq . | head curl -sku admin:admin 'https://localhost/mgmt/tm/asm/policies/MrLpFzRHNarvj_zuAOD0fw/signatures?$expand=signatureReference&$filter=signature/risk+eq+low' -d '{ "performStaging": true }' -X PATCH | jq . | head -- The "totalItems" shows that 187 signatures were changed

Workaround

Add 'inPolicy eq true' to the filter Command : curl -sku admin:admin 'https://localhost/mgmt/tm/asm/policies/MrLpFzRHNarvj_zuAOD0fw/signatures?$expand=signatureReference&$filter=signature/risk+eq+low+and+inPolicy+eq+true' -d '{ "performStaging": false }' -X PATCH | jq . | head

Fix Information

None

Change history

2025-04-28 Added: 15.1.5, 15.1.5.1, 15.1.6, 15.1.6.1, 15.1.7, 15.1.8, 15.1.8.1, 15.1.8.2

Top F5 Defects

9.6Defect ID: 1496269
VCMP guest on version 16.1.4 or above might experience constant TMM crashes.
9.4Defect ID: 1785385
Intermittent traffic failures when tenant is running BIG-IP v17.1.2 or above and host is on version prior to F5OS-A 1.8.0 or F5OS-C 1.8.0
9.4Defect ID: 1407909
For E810 100G SR-IOV NICs, traffic disruption is seen with ICE driver v1.11.14 and NVM 4.20 combination.
9.4Defect ID: 970269
Install fails as lind keeps failing due to "Fatal error: block id new probe failed - device file:/dev/cdrom"
9.4Defect ID: 885949
Untagged packet traffic does not work on i15800 platforms with virtual wire

F5 Integration

Learn more about where this data comes from

F5 Integration

Learn more

Bug Scrub Advisor

Streamline upgrades with automated vendor bug scrubs

Bug Scrub Advisor

Learn more

BugZero Enterprise

Wish you caught this bug sooner? Get proactive today.

BugZero Enterprise

Learn more

Ready to prevent the next vendor outage?

Get a demo

OPERATIONAL DEFECT DATABASE

F5 - Defect ID: 1186401

Using REST API to change policy signature settings changes all the signatures.

F5 - Defect ID: 1186401

Using REST API to change policy signature settings changes all the signatures.

Last updated on April 28th, 2025

BugZero Risk Score6.7 Medium

Bug Details

Symptoms

Impact

Conditions

Workaround

Fix Information

Links

Top F5 Defects

Ready to prevent the next vendor outage?

BugZero Risk Score
6.7 Medium