Last Modified: Nov 07, 2022
Affected Product(s):
BIG-IP APM
Known Affected Versions:
11.4.0, 11.4.1, 11.5.0, 11.5.1, 11.5.1 HF1, 11.5.1 HF10, 11.5.1 HF11, 11.5.1 HF2, 11.5.1 HF3, 11.5.1 HF4
Fixed In:
11.6.0, 11.5.1 HF5, 11.4.1 HF4
Opened: Mar 13, 2014
Severity: 3-Major
Related Article:
K15383
Certain requests from rewritten Flash ActionScript 3 files might be missing the '/f5-w-xxx$$/' part of the path. These requests fail and this could adversely affect the functionality of the application.
Failed requests, broken applications. Security issue: Flash applications could make HTTP requests to other domains accessible through Portal Access without checks for cross-domain restrictions.
The request URI in the Flash code contains enough "../" parts to leave the '/f5-w-xxx$$/' sandbox.
This could be addressed with an iRule in most cases. If you can identify such a request, you can correct the mangled part of the URI within the HTTP_REQUEST event.
Flash ActionScript 3 rewriter now correctly rewrites URLs containing "../".
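To make the condition above concrete and help identify such requests in logs, the following added example (not F5 code) resolves a URL reference against a rewritten SWF URL and flags request paths that have lost the '/f5-w-xxx$$/' prefix. The host portal.example.com, the file paths, the (Referer, path) log shape and the use of the Referer header to tie a request to a rewritten page are assumptions made for illustration.

```python
import re
from urllib.parse import urljoin, urlsplit

# Prefix as written on this page; "xxx" stands for the encoded backend origin.
SANDBOX = re.compile(r"^/f5-w-[^/]+\$\$/")


def sandbox_prefix(path):
    """Return the '/f5-w-...$$/' prefix of a path, or None if it has none."""
    m = SANDBOX.match(path)
    return m.group(0) if m else None


def resolve(swf_url, reference):
    """Resolve a reference against the rewritten SWF URL (RFC 3986 dot-segment rules)."""
    return urlsplit(urljoin(swf_url, reference)).path


def escapes_sandbox(swf_url, reference):
    """True when the resolved path no longer starts with the SWF's own prefix."""
    prefix = sandbox_prefix(urlsplit(swf_url).path)
    return prefix is not None and not resolve(swf_url, reference).startswith(prefix)


def flag_requests(entries):
    """From (referer, request_path) pairs, return paths requested from a
    rewritten page that carry no sandbox prefix at all."""
    return [path for referer, path in entries
            if sandbox_prefix(urlsplit(referer).path) and not sandbox_prefix(path)]


# Constructed sample data (hypothetical host and paths).
SWF = "https://portal.example.com/f5-w-xxx$$/app/swf/player.swf"
SAMPLE_LOG = [
    (SWF, "/f5-w-xxx$$/app/data/config.xml"),   # one "../": still inside
    (SWF, "/data/config.xml"),                  # three "../": prefix consumed
    ("https://portal.example.com/f5-w-xxx$$/app/index.html",
     "/f5-w-xxx$$/app/swf/player.swf"),         # normal rewritten request
]

if __name__ == "__main__":
    for ref in ("../data/config.xml", "../../../data/config.xml"):
        print(ref, "->", resolve(SWF, ref), "escapes:", escapes_sandbox(SWF, ref))
    print("flagged:", flag_requests(SAMPLE_LOG))
```

Paths flagged this way are the candidates for the URI correction in the HTTP_REQUEST event described in the workaround.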