Last Modified: Apr 28, 2025
Affected Product(s):
BIG-IP ASM
Known Affected Versions:
11.5.0, 11.5.1, 11.5.1 HF1, 11.5.1 HF2, 11.5.1 HF3, 11.5.1 HF4, 11.5.1 HF5, 11.5.1 HF6, 11.5.1 HF7, 11.5.1 HF8, 11.5.1 HF9, 11.5.1 HF10, 11.5.1 HF11, 11.5.2, 11.5.2 HF1, 11.5.3, 11.5.3 HF1, 11.5.3 HF2, 11.5.4, 11.5.4 HF1, 11.5.4 HF2, 11.5.4 HF3, 11.5.4 HF4, 11.5.5, 11.5.6, 11.5.7, 11.5.8, 11.5.9, 11.5.10
Fixed In:
12.0.0
Opened: Aug 03, 2014 Severity: 4-Minor
A CSRF script does not iterate over frame links, causing a false positive CSRF violation.
A false positive CSRF violation.
CSRF is turned on a system that has frame links.
You can workaround this issue by using the URL list in the CSRF protection configuration.
The system now adds the CSRF token to frame links, fixing a false positive CSRF violation issue.