Bug ID 420977: Improved the system's placement of ASM JavaScript code.

Last Modified: Oct 22, 2018

Bug Tracker

Affected Product:  See more info
BIG-IP ASM(all modules)

Known Affected Versions:
11.2.1, 11.3.0, 11.4.0

Fixed In:
11.5.0, 11.4.0 HF3, 11.3.0 HF8

Opened: May 11, 2013
Severity: 3-Major

Symptoms

If you have pages where browser compatibility is maintained via the use of the '<meta http-equiv="X-UA-Compatible" content="IE=8" />' tag, the CSRF script could be injected into the wrong place.

Impact

CSRF script gets inserted after the first meta tag, not after the X-UA-Compatible meta tag. This can cause certain versions of Microsoft Internet Explorer (IE), for example, v10, to not load the pages properly.

Conditions

When you enable CSRF protection, the site does not function as expected because the CSRF javascript is injected in the page before this tag. If you have other meta tags, the injection takes place after the first meta tag that show up before the "X-UA-Compatible" one.

Workaround

This issue has no workaround at this time.

Fix Information

This version has improved the system's placement of ASM JavaScript code.

Behavior Change