Last Modified: Feb 28, 2019
See more info
Known Affected Versions:
11.6.0, 11.6.0 HF1, 11.6.0 HF2, 11.6.0 HF3, 11.6.0 HF4, 11.6.0 HF5, 11.6.0 HF6, 11.6.0 HF7, 11.6.0 HF8, 11.6.1, 11.6.1 HF1, 11.6.1 HF2, 11.6.2, 11.6.2 HF1, 11.6.3, 18.104.22.168, 22.214.171.124, 126.96.36.199, 188.8.131.52, 13.1.0, 184.108.40.206, 220.127.116.11, 18.104.22.168, 22.214.171.124, 126.96.36.199, 188.8.131.52, 184.108.40.206, 220.127.116.11, 13.1.1, 18.104.22.168, 22.214.171.124, 126.96.36.199, 188.8.131.52, 14.0.0, 184.108.40.206, 220.127.116.11, 18.104.22.168, 22.214.171.124, 14.1.0, 126.96.36.199, 188.8.131.52
Opened: Oct 12, 2017
Backend application server will receive a 'dummy' POST body. Impact will depend on the application. In one deployment this resulted in SAML assertion failures.
Initial POST body. Access policy has completed, and client browser sends a 'dummy' POST to the landing URI. Then something (backend or some APM component sends a reset) causes the browser to resend the 'dummy' POST.