Last Modified: Sep 13, 2023
Affected Product(s):
BIG-IP ASM
Known Affected Versions:
12.0.0, 12.0.0 HF1, 12.1.0 HF1, 12.0.0 HF2, 12.1.0 HF2, 12.0.0 HF3, 12.0.0 HF4, 12.1.1 HF1, 12.1.1 HF2, 12.1.2 HF1, 12.1.2 HF2, 12.1.0, 12.1.1, 12.1.2, 12.1.3, 12.1.3.1, 12.1.3.2, 12.1.3.3, 12.1.3.4, 12.1.3.5, 12.1.3.6, 12.1.3.7, 12.1.4, 12.1.4.1, 12.1.5, 12.1.5.1, 12.1.5.2, 12.1.5.3, 12.1.6, 13.0.0, 13.0.0 HF1, 13.0.0 HF2, 13.0.0 HF3, 13.0.1, 13.1.0, 13.1.0.1, 13.1.0.2, 13.1.0.3, 13.1.0.4, 13.1.0.5, 13.1.0.6, 13.1.0.7, 13.1.0.8, 13.1.1, 13.1.1.2, 13.1.1.3, 13.1.1.4, 13.1.1.5, 13.1.3, 13.1.3.1, 13.1.3.2, 13.1.3.3, 13.1.3.4, 13.1.3.5, 13.1.3.6, 13.1.4, 13.1.4.1, 13.1.5, 13.1.5.1, 14.0.0, 14.0.0.1, 14.0.0.2, 14.0.0.3, 14.0.0.4, 14.0.0.5, 14.0.1, 14.0.1.1
Fixed In:
14.1.0
Opened: Aug 18, 2018 Severity: 4-Minor
When Proactive Bot Defense is enabled together with Single Page Application on the DoS Application Profile, the page may scroll all the way down when the application sends an AJAX request. Another symptom is that during the whitepage challenge, there may be a textbox and the words 'lebowskilebowski'.
Users browsing the application may see their browser window scrolled all the way down. When this happens, the screen can be scrolled back up without a problem. If the textbox and the label 'lebowskilebowski' appears, the impact is cosmetic.
- Application DoS Profile is used with Proactive Bot Defense, Block Suspicious Browsers, and Single Page Application -- all enabled. - Back-end web page is longer than the height of the user's browser window. - The back-end web application is sending an AJAX request.
There is no workaround at this time.
Proactive Bot Defense challenges with Single Page Application no longer cause the browser window to scroll down. The text 'lebowskilebowski' no longer appears during the whitepage challenge.