Last Modified: Nov 07, 2022
Affected Product:
See more info
BIG-IP ASM
Known Affected Versions:
14.1.0, 14.1.0.1, 14.1.0.2, 14.1.0.3, 14.1.0.5, 14.1.0.6, 14.1.2, 14.1.2.1, 14.1.2.2, 14.1.2.3, 14.1.2.4, 14.1.2.5, 14.1.2.6, 14.1.2.7, 15.1.0, 15.1.0.1, 15.1.0.2, 15.1.0.3, 15.1.0.4, 15.1.0.5
Fixed In:
16.0.0, 15.1.1, 14.1.2.8
Opened: Feb 11, 2020
Severity: 4-Minor
After configuring the "validate upon request" option in "Cross Domain Requests" in a Bot Defense profile, JS challenges continue to be sent.
Browser receives another JS challenge, instead of retrieving the cookie from the related domain. This causes extra latency for the client.
-- Bot Defense profile is enabled -- "Cross Domain Request":"validate upon request" option is enabled -- A browser navigates to a qualified (HTML) page from a related domain.
Use "validate in a bulk" option.
Retrieving the cookie from the related domain even if the page is qualified.
