Bug ID 1021637: In some cases BD enforces CSRF on all URLs, ignoring CSRF URLs

Last Modified: Jan 20, 2023

Affected Product:
BIG-IP ASM (all modules)

Known Affected Versions:
15.1.0, 15.1.0.1, 15.1.0.2, 15.1.0.3, 15.1.0.4, 15.1.0.5, 15.1.1, 15.1.2, 15.1.2.1, 15.1.3, 15.1.3.1, 15.1.4, 15.1.4.1, 15.1.5, 15.1.5.1, 15.1.6, 16.0.0, 16.0.0.1, 16.0.1, 16.0.1.1, 16.0.1.2, 16.1.0, 16.1.1, 16.1.2, 16.1.2.1, 17.0.0, 17.0.0.1, 17.0.0.2

Fixed In:
16.1.2.2, 15.1.6.1

Opened: May 26, 2021
Severity: 4-Minor

Symptoms

CSRF is sometimes enforced on URLs that do not match the CSRF URLs list.

Impact

URLs that do not match the CSRF URLs list can be blocked due to a CSRF violation.

Conditions

ASM policy with CSRF settings

Workaround

None

Fix Information

N/A

Behavior Change