Last Modified: Mar 17, 2021
See more info
Known Affected Versions:
11.6.0, 11.6.0 HF1, 11.6.0 HF2, 11.6.0 HF3, 11.6.0 HF4, 11.6.0 HF5, 11.6.0 HF6, 11.6.0 HF7, 11.6.0 HF8, 11.6.1, 11.6.1 HF1, 11.6.1 HF2, 11.6.2, 11.6.2 HF1, 11.6.3, 22.214.171.124, 126.96.36.199, 188.8.131.52, 184.108.40.206, 11.6.4, 11.6.5, 220.127.116.11, 18.104.22.168, 22.214.171.124, 12.0.0, 12.0.0 HF1, 12.0.0 HF2, 12.0.0 HF3, 12.0.0 HF4
Opened: Jul 06, 2015
When a response arrives without a content-type header and a login page has a search in response text criteria, the system does not detect failed logins. When brute force or session tracking is configured with this login page, it causes the system not to detect the brute force attack or track the session.
Brute force attacks are not detected, other login features may fail.
Login criteria includes string searches on the full response. Response arrives without content type.
We fixed a possible failing scenario of the response-side features.