Bug ID 761565: ASM BD core when custom captcha page configured size more than 45K with %ASM.captcha.support_id% placeholder is at the end

Last Modified: Aug 08, 2019

Bug Tracker

Affected Product:  See more info
BIG-IP ASM(all modules)

Known Affected Versions:
13.1.0, 13.1.0.1, 13.1.0.2, 13.1.0.3, 13.1.0.4, 13.1.0.5, 13.1.0.6, 13.1.0.7, 13.1.0.8, 13.1.1, 13.1.1.1, 13.1.1.2, 13.1.1.3, 13.1.1.4, 13.1.1.5, 13.1.3, 14.0.0, 14.0.0.1, 14.0.0.2, 14.0.0.3, 14.0.0.4, 14.0.0.5, 14.1.0, 14.1.0.1, 14.1.0.2, 14.1.0.3, 14.1.0.4, 14.1.0.5, 14.1.0.6

Fixed In:
15.0.0

Opened: Mar 18, 2019
Severity: 2-Critical

Symptoms

ASM BD crash when custom captcha page configured size is 45K

Impact

There is an ASM BD crash that occurs upon a request protection by CAPTCHA mitigation. If configured for high availability (HA), failover occurs.

Conditions

- ASM provisioned. - ASM policy attached to a virtual server. - CAPTCHA page size is bigger than 45 KB. - CAPTCHA protection is enabled via brute force or ASM::captcha iRule.

Workaround

Define CAPTCHA page sizes smaller than 45 KB.

Fix Information

ASM BD core is fixed; BD no longer crashes, even when the CAPTCHA page size is larger than 45 KM.

Behavior Change