Bug ID 564324: ASM scripts can break applications

Last Modified: Apr 10, 2019

Bug Tracker

Affected Product:  See more info
BIG-IP ASM(all modules)

Known Affected Versions:
11.6.0, 11.6.0 HF1, 11.6.0 HF2, 11.6.0 HF3, 11.6.0 HF4, 11.6.0 HF5, 11.6.0 HF6, 11.6.0 HF7, 11.6.0 HF8, 11.6.1, 11.6.1 HF1, 11.6.1 HF2, 11.6.2, 11.6.2 HF1, 11.6.3, 11.6.3.1, 11.6.3.2, 11.6.3.3, 11.6.3.4, 11.6.4, 12.1.0, 12.1.0 HF1, 12.1.0 HF2, 12.1.1, 12.1.1 HF1, 12.1.1 HF2, 12.1.2, 12.1.2 HF1, 12.1.2 HF2, 12.1.3, 12.1.3.1, 12.1.3.2, 12.1.3.3, 12.1.3.4, 12.1.3.5, 12.1.3.6

Fixed In:
13.0.0, 12.1.3.7

Opened: Dec 22, 2015
Severity: 3-Major

Symptoms

ASM originated scripts are injected into places where they are not supposed to be, causing the script not to work and/or the application to break.

Impact

Application malfunctions, shows javascrip errors

Conditions

ASM is in front of a single page application, where injection is possible only for the main page. \ ASM has the CSRF or web scraping feature enabled.

Workaround

Turn off the relevant feature that causes the injection.

Fix Information

None

Behavior Change