Bug ID 1021637: In some cases BD enforces CSRF on all URLs, ignoring CSRF URLs

Last Modified: Jan 20, 2023

Bug Tracker

Affected Product:  See more info
BIG-IP ASM(all modules)

Known Affected Versions:
15.1.0, 15.1.0.1, 15.1.0.2, 15.1.0.3, 15.1.0.4, 15.1.0.5, 15.1.1, 15.1.2, 15.1.2.1, 15.1.3, 15.1.3.1, 15.1.4, 15.1.4.1, 15.1.5, 15.1.5.1, 15.1.6, 16.0.0, 16.0.0.1, 16.0.1, 16.0.1.1, 16.0.1.2, 16.1.0, 16.1.1, 16.1.2, 16.1.2.1, 17.0.0, 17.0.0.1, 17.0.0.2

Fixed In:
16.1.2.2, 15.1.6.1

Opened: May 26, 2021
Severity: 4-Minor

Symptoms

CSRF is sometimes enforced on URLs that do not match the CSRF URLs list

Impact

URLs that do not match the CSRF URLs list can be blocked due to CSRF violation.

Conditions

ASM policy with CSRF settings

Workaround

None

Fix Information

N/A

Behavior Change

Have a question?

About F5

Education

F5 sites

Support Tasks

© F5, Inc. All rights reserved. Policies | Privacy | Trademarks