Last Modified: Nov 07, 2022
Affected Product:
See more info
BIG-IP ASM
Known Affected Versions:
14.0.0, 14.0.0.1, 14.0.0.2, 14.0.0.3, 14.0.0.4, 14.0.0.5, 14.0.1, 14.0.1.1
Fixed In:
14.1.0
Opened: Jan 23, 2018
Severity: 3-Major
When proactive bot defense, which provides headless browser detection, is enabled, a request from the UC Browser running on a mobile device, gets a high score and might be reset/CAPTCHA'd.
Potential reset/CAPTCHA in this case. In addition to the system presenting a false 'Web Rootkit detected' alert, there are other violations detected within the request.
1. ASM or DOS provisioned. 2. Proactive bot defense (headless browsers detection) enabled in DoS Application profile and DoS profile assigned on a virtual server. 3. Request is sent without TSPD101 cookie.
You can use either of the following workarounds: -- Disable headless browser detection (under proactive bot defense). -- Raise reset/CAPTCHA score limits using the following commands: list sys db dosl7.browser_legit_min_score_captcha sys db dosl7.browser_legit_min_score_captcha { value "60" } list sys db dosl7.browser_legit_min_score_drop sys db dosl7.browser_legit_min_score_drop { value "120" }
Rootkit checks for UC Browser are improved.