Last Modified: Sep 13, 2023
Affected Product(s):
BIG-IP ASM
Known Affected Versions:
11.6.2 HF1, 11.2.0, 11.2.1, 11.3.0, 11.4.0, 11.4.1
Fixed In:
11.6.0, 11.5.1 HF5, 11.4.1 HF4
Opened: Mar 23, 2014 Severity: 2-Critical
Client side challenge reconstruction failed to restore the original referrer header.
During client side challenge injections, wrong referrer header reaches the web application.
During client side web scraping mitigation, the client side challenge is injected by the Enforcer to the browser end-user.
N/A
The client side challenge mechanism now correctly reconstructs the referrer header.