Last Modified: Sep 13, 2023
Affected Product(s):
BIG-IP APM
Known Affected Versions:
11.4.1, 12.1.0 HF1, 12.1.0 HF2, 12.1.1 HF1, 12.1.1 HF2, 12.1.2 HF1, 12.1.2 HF2
Fixed In:
12.0.0
Opened: Feb 27, 2014 Severity: 3-Major Related Article:
K44757617
While any JavaScript code is executed, all rewritten URLs on the HTML page are demangled into original form. This operation is done by a separate script. Browsers unlock user interface at switching from one script to another. This switching may be long enough to view non-rewritten URLs from the user interface especially if the script to be executed is not in the browser cache.
User may use non-rewritten URLs and bypass the BIG-IP system connecting to them.
HTML page with long external scripts which may be downloaded slowly.
This issue has no workaround at this time.
Now in all modern browsers (Chrome, Safari, FF20+ and IE10+) URLs are not converted explicitly between rewritten and non-rewritten forms during script execution. Implicit conversion function is used instead. This does not allow to use non-rewritten URLs from user interface.