Last Modified: Jan 07, 2026
Affected Product(s):
BIG-IP ASM
Known Affected Versions:
11.5.1, 11.5.1 HF1, 11.5.1 HF2, 11.5.1 HF3, 11.5.1 HF4
Fixed In:
11.6.0, 11.5.1 HF5
Opened: Mar 23, 2014 Severity: 2-Critical
Client side challenge reconstruction failed to restore the original referrer header.
During client side challenge injections, wrong referrer header reaches the web application.
During client side web scraping mitigation, the client side challenge is injected by the Enforcer to the browser end-user.
N/A
The client side challenge mechanism now correctly reconstructs the referrer header.