Bug ID 750974: CSRF token might break request URL

Last Modified: Oct 30, 2019

Bug Tracker

Affected Product:  See more info
BIG-IP ASM(all modules)

Known Affected Versions:
13.1.0, 13.1.0.1, 13.1.0.2, 13.1.0.3, 13.1.0.4, 13.1.0.5, 13.1.0.6, 13.1.0.7, 13.1.0.8, 13.1.1, 13.1.1.1, 13.1.1.2, 13.1.1.3, 13.1.1.4, 13.1.1.5, 13.1.3, 13.1.3.1, 14.0.0, 14.0.0.1, 14.0.0.2, 14.0.0.3, 14.0.0.4, 14.0.0.5, 14.0.1, 14.0.1.1, 14.1.0, 14.1.0.1, 14.1.0.2, 14.1.0.3, 14.1.0.4, 14.1.0.5, 14.1.0.6, 14.1.2, 14.1.2.1

Fixed In:
15.0.0

Opened: Nov 26, 2018
Severity: 3-Major

Symptoms

An application that is protected by ASM intermittently does not work. Web logs from the application server indicate an extra digit is included in the requested URL.

Impact

Web application does not work as expected.

Conditions

-- ASM provisioned. -- ASM policy attached to a virtual server. -- CSRF enabled in the ASM policy.

Workaround

None.

Fix Information

CSRF javascript code fixed and does not modify requested URL anymore.

Behavior Change