Bug ID 528598: SharePoint ActiveX wrappers should check object type before rewriting URL

Last Modified: Apr 19, 2021

Bug Tracker

Affected Product:  See more info
BIG-IP APM(all modules)

Known Affected Versions:
11.4.1, 12.0.0, 12.0.0 HF1, 12.0.0 HF2, 12.0.0 HF3, 12.0.0 HF4, 12.1.0, 12.1.0 HF1, 12.1.0 HF2, 12.1.1, 12.1.1 HF1, 12.1.1 HF2, 12.1.2, 12.1.2 HF1, 12.1.2 HF2, 12.1.3, 12.1.3.1, 12.1.3.2, 12.1.3.3, 12.1.3.4, 12.1.3.5, 12.1.3.6, 12.1.3.7, 12.1.4, 12.1.4.1, 12.1.5, 12.1.5.1, 12.1.5.2, 12.1.5.3, 12.1.6

Fixed In:
13.0.0

Opened: Jun 18, 2015
Severity: 3-Major

Symptoms

Some our Invoke wrappers don't check if they are called against correct object and function. This may lead to a double rewriting of URLs, or to a corrupted URLs (like in the case of Sharepoint wrappers).

Impact

The rewritten URL will be malformed, and end users may be unable to view certain document types.

Conditions

This occurs when using rewrite with SharePoint applications.

Workaround

iRule workaround for ID528598: -------- when HTTP_REQUEST { # ID528598: Sharepoint ActiveX wrappers should check object type before rewriting URL # Rename ViewDocument to openDocument in order to avoid special rewriting. if { [HTTP::path] ends_with "/EmployeeFormsAndVideos" } { set bug528598 1 # log local0. "ID528598: modifying page at [HTTP::uri]" if { [HTTP::version] eq "1.1" } { if { [HTTP::header is_keepalive] } { HTTP::header replace "Connection" "Keep-Alive" } HTTP::version "1.0" } } elseif { [info exists bug528598] } { unset bug528598 } } when HTTP_RESPONSE { if { [info exists bug528598] } { if { [HTTP::header exists "Content-Length"] and \ [HTTP::header "Content-Length"] > 0 and \ [HTTP::header "Content-Length"] <= 1048576 } { HTTP::collect [HTTP::header Content-Length] } else { HTTP::collect 1048576 } } } when HTTP_RESPONSE_DATA { if { [info exists bug528598] } { unset bug528598 set location [string last {.ViewDocument} \ [HTTP::payload]] while { $location > 0 && \ $location < [expr {[HTTP::payload length] - 13}] } { HTTP::payload replace $location 5 {.open} set location [string last {.ViewDocument} \ [HTTP::payload]] } unset location } }

Fix Information

A check is now performed to ensure the underlying object is really an ActiveX object before rewriting the object.

Behavior Change