Last Modified: Sep 13, 2023
Affected Product(s):
BIG-IP ASM
Known Affected Versions:
11.5.4, 11.6.1, 11.6.2
Fixed In:
11.6.3, 11.5.5
Opened: Jun 15, 2017
Severity: 3-Major
Related Article:
K23432927
The BIG-IP ASM system may redirect a client request to an incorrect URL after the client browser passes the client-side integrity defense JavaScript challenge.
The client browser is redirected to an incorrect URL. If an attacker triggers the DoS profile and then sends a maliciously crafted structured URL to unsuspecting users as part of a phishing attack, the users may be redirected to a malicious website.
This issue occurs when all of the following conditions are met:
-- You have enabled the Client Side Integrity Defense feature in a DoS profile associated with a virtual server.
-- A client request containing a certain structured URL is processed by the virtual server with the DoS profile.
-- The client browser passes the client-side integrity defense JavaScript challenge issued by the BIG-IP ASM system.
None.
Client side code no longer redirects to an incorrect URL under these conditions.