Bug ID 453568: Client side challenge request reconstruction may fail to restore original referrer header

Last Modified: Oct 01, 2018

Affected Product:
BIG-IP ASM (all modules)

Known Affected Versions:
11.2.0, 11.2.1, 11.3.0, 11.4.0, 11.4.1, 11.5.0, 11.5.1, 11.5.1 HF1, 11.5.1 HF10, 11.5.1 HF11, 11.5.1 HF2, 11.5.1 HF3, 11.5.1 HF4

Fixed In:
11.6.0, 11.5.1 HF5, 11.4.1 HF4

Opened: Mar 23, 2014
Severity: 2-Critical

Symptoms

Client side challenge reconstruction failed to restore the original referrer header.

Impact

During client side challenge injections, the wrong referrer header reaches the web application.

Conditions

During client side web scraping mitigation, when the Enforcer injects the client side challenge into the end user's browser.

Workaround

N/A

Fix Information

The client side challenge mechanism now correctly reconstructs the referrer header.

Behavior Change