Description
Issue Summary:
When receiving requests that contain multiple slashes (“/”), the Integrated WAF module in Alteon may experience an outage and the WAF GUI may become inaccessible.
When experiencing this issue, the following error message may appear in the log: “Page is not working- ERR EMPTY Response”.
Affected Versions
Alteon versions:
- 33.0.16.x through 33.0.18.x
- 33.5.12.x through 33.5.14.x
- 34.0.8.x through 34.0.10.x
- 34.5.3.x through 34.5.5.x
AppWall versions:
- 7.6.27.x
- 7.6.28.x
- 7.6.29.x
Bug ID
AW-53918
Workaround
Disable the “Purge Multiple Slashes” option.
Explanation:
Disabling this flag makes the WAF module skip purging multiple slashes in the request URI before scanning (for example: “////some-request”).
This functionality is not security-related, and most common clients perform it anyway before a request arrives at the Alteon/WAF device.
This option appears in the HTTP Properties tab (see Figure 1), in the Request message section (see Figure 2).
Figure 1:
Figure 2:
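With the option disabled, request URIs are scanned with their slashes as sent. The following added example (not part of the vendor's article or product code) scans a web access log for request paths containing consecutive slashes and shows the collapsed form, so you can see how much of your traffic relied on the purge. The log format, the sample lines and the path-only collapsing rule are assumptions.

```python
import re

# Request line inside a common/combined access log entry: "METHOD target HTTP/x.y"
REQUEST_RE = re.compile(r'"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[\d.]+"')
SLASH_RUN = re.compile(r"/{2,}")

def split_target(target):
    """Split an origin-form request target into (path, query including '?')."""
    # Done by hand: urllib.parse.urlsplit would read a leading "//" as the
    # start of a network location and drop part of the path.
    path, sep, query = target.partition("?")
    return path, sep + query

def collapse_slashes(target):
    """Collapse runs of '/' in the path only; the query string is left as is.
    Assumption: this models 'purging multiple slashes'; the product's exact
    rules are not given on the page."""
    path, query = split_target(target)
    return SLASH_RUN.sub("/", path) + query

def find_multi_slash_requests(log_lines):
    """Return (raw_target, collapsed_target) for each request whose path
    contains two or more consecutive slashes."""
    hits = []
    for line in log_lines:
        m = REQUEST_RE.search(line)
        if not m:
            continue  # not a parsable request line
        target = m.group("target")
        path, _ = split_target(target)
        if SLASH_RUN.search(path):
            hits.append((target, collapse_slashes(target)))
    return hits

# Constructed sample log lines (documentation addresses, not real traffic).
SAMPLE_LOG = [
    '192.0.2.10 - - [01/Jan/2024:10:00:00 +0000] "GET /index.html HTTP/1.1" 200 512',
    '192.0.2.11 - - [01/Jan/2024:10:00:01 +0000] "GET ////some-request HTTP/1.1" 200 128',
    '192.0.2.12 - - [01/Jan/2024:10:00:02 +0000] "GET /app//login?next=//home HTTP/1.1" 302 0',
    '192.0.2.13 - - [01/Jan/2024:10:00:03 +0000] "GET /search?q=a//b HTTP/1.1" 200 64',
]

if __name__ == "__main__":
    for raw, collapsed in find_multi_slash_requests(SAMPLE_LOG):
        print(f"{raw} -> {collapsed}")
```

Double slashes that appear only in the query string (the last sample line) are not reported, since they are not part of the path.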
ETA for fix
The fix for this issue is scheduled for the following Alteon versions:
- 33.0.19.0
- 33.5.15.0
- 34.0.11.0
- 34.5.6.0