Last Modified: Nov 07, 2022
Affected Product(s):
BIG-IP ASM
Known Affected Versions:
12.1.0, 12.1.0 HF1, 12.1.0 HF2, 12.1.1, 12.1.1 HF1, 12.1.1 HF2, 12.1.2, 12.1.2 HF1, 12.1.2 HF2
Fixed In:
13.0.0, 12.1.3
Opened: Sep 24, 2016 Severity: 3-Major
The JavaScript challenge is repeating in a loop on Firefox on URLs which are longer than 1033 characters. The request never reaches the back-end server. This happens in the following challenges: * Proactive Bot Defense with Suspicious Browsers enabled * Client-Side Integrity Defense In the rest of the challenges, the challenges will succeed, but POST requests will not be reconstructed correctly and sent as a multipart message to the back-end server.
Requests to URLs longer than 1033 will be blocked on Firefox, and the browser will repeat the challenge in a loop.
URLs are longer than 1033 characters, AND: Users are using the Firefox browser, AND: Either: * Proactive Bot Defense with Suspicious Browsers enabled, OR * Client-Side Integrity Defense is enabled and is used as a DoSL7 mitigation during an attack.
None
The JavaScript challenge no longer gets stuck in a loop on Firefox, on URLs which are longer than 1033 characters.