Last Modified: Jul 12, 2023
Affected Product(s):
BIG-IP ASM
Known Affected Versions:
11.2.1, 11.3.0, 11.4.0
Fixed In:
11.5.0, 11.4.0 HF3, 11.3.0 HF8
Opened: May 11, 2013
Severity: 3-Major
If you have pages where browser compatibility is maintained via the use of the '<meta http-equiv="X-UA-Compatible" content="IE=8" />' tag, the CSRF script could be injected into the wrong place.
The CSRF script is inserted after the first meta tag, not after the X-UA-Compatible meta tag. This can cause certain versions of Microsoft Internet Explorer (IE), for example v10, to not load the pages properly.
When you enable CSRF protection, the site does not function as expected because the CSRF JavaScript is injected into the page before this tag. If you have other meta tags, the injection takes place after the first meta tag that shows up before the "X-UA-Compatible" one.
This issue has no workaround at this time.
This version has improved the system's placement of ASM JavaScript code.
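A check for the placement problem described above, as an added example that is not F5 code: it parses a served page and lists any element that appears ahead of the X-UA-Compatible meta tag other than title and other meta tags. The rule that IE honors the tag only in that position is assumed from Microsoft's documentation; the function names, the placeholder script and the sample pages are constructed for illustration.

```python
from html.parser import HTMLParser

# Elements assumed to be allowed ahead of the X-UA-Compatible meta tag.
ALLOWED_BEFORE = {"html", "head", "title", "meta"}

class UACompatCheck(HTMLParser):
    """Record every start tag seen before the X-UA-Compatible meta tag."""
    def __init__(self):
        super().__init__()
        self.before = []      # tags seen ahead of the X-UA-Compatible meta
        self.found = False    # True once the meta tag has been reached

    def handle_starttag(self, tag, attrs):
        if self.found:
            return
        a = {k.lower(): (v or "") for k, v in attrs}
        if tag == "meta" and a.get("http-equiv", "").lower() == "x-ua-compatible":
            self.found = True
        else:
            self.before.append(tag)

def offending_tags(html):
    """Return the tags that precede the X-UA-Compatible meta but should not.
    Returns None when the page carries no such meta tag."""
    p = UACompatCheck()
    p.feed(html)
    if not p.found:
        return None
    return [t for t in p.before if t not in ALLOWED_BEFORE]

# Constructed sample pages; the <script> stands in for any injected script.
INJECTED = '<script src="/placeholder.js"></script>'
HEAD = ('<html><head><meta charset="utf-8" />{a}'
        '<meta http-equiv="X-UA-Compatible" content="IE=8" />{b}'
        '<title>t</title></head><body></body></html>')
AFTER_FIRST_META = HEAD.format(a=INJECTED, b="")  # placement described in this issue
AFTER_UA_META = HEAD.format(a="", b=INJECTED)     # placement after the X-UA-Compatible tag

if __name__ == "__main__":
    print("after first meta:", offending_tags(AFTER_FIRST_META))
    print("after X-UA-Compatible:", offending_tags(AFTER_UA_META))
```

Running the same function over responses captured with CSRF protection enabled and disabled shows whether the injected script is what displaces the tag.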