Bug ID 513787: CSRF doesn't apply web application callback registered as XMLHttpRequest.onload in IE8-10

Last Modified: Sep 13, 2023

Affected Product(s):
BIG-IP ASM(all modules)

Known Affected Versions:
11.5.1, 11.5.2, 11.5.3, 11.5.4, 11.5.5, 11.5.6, 11.5.7, 11.5.8, 11.5.9, 11.5.10, 11.6.0, 11.6.1, 11.6.2, 11.6.3, 11.6.3.1, 11.6.3.2, 11.6.3.3, 11.6.3.4, 11.6.4, 11.6.5, 11.6.5.1, 11.6.5.2, 11.6.5.3, 12.1.0 HF1, 12.1.0 HF2, 12.1.1 HF1, 12.1.1 HF2, 12.1.2 HF1, 12.1.2 HF2

Fixed In:
12.0.0

Opened: Mar 22, 2015

Severity: 3-Major

Symptoms

Since Javascript is executed on client side. When it comes to page render, javascript errors might break your page.

Impact

Since Javascript is executed on client side. When it comes to page render, javascript errors might break your page.

Conditions

Using Internet Explorer 8-10 with CSRF ASM enabled.

Workaround

N/A

Fix Information

Fix AJAX request to invoke the original web application's javascript functionality after attaching the csrt token in IE8-10.

Behavior Change

Guides & references

K10134038: F5 Bug Tracker Filter Names and Tips