BugZero | F5 BugID 711546 - Portal Access: 'X-Frame-Options: DENY' header may ...

OPERATIONAL DEFECT DATABASE

...

BugZero | F5 BugID 711546 - Portal Access: 'X-Frame-Options: DENY' header may ...

F5 - Defect ID: 711546

Portal Access: 'X-Frame-Options: DENY' header may be erroneously added to HTTP response

F5 - Defect ID: 711546

Portal Access: 'X-Frame-Options: DENY' header may be erroneously added to HTTP response

Last updated on April 28th, 2025

BugZero Risk Score
6.6 Medium

Overall: 6.6

Severity: 7.3

Community: 4.2

Lifecycle: 7.3

What is the BugZero Risk Score?

F5 Integration

Learn more about where this data comes from

F5 Integration

Learn more

Bug Scrub Advisor

Streamline upgrades with automated vendor bug scrubs

Bug Scrub Advisor

Learn more

BugZero Enterprise

Wish you caught this bug sooner? Get proactive today.

BugZero Enterprise

Learn more

Bug Details

Priority: 3-Major
Status: Verified
Impact Category: Access Policy Manager

Description

Impact ... In this case, Portal Access replaces 'X-Frame-Option' header value with 'DENY' string. ... Browser cannot show the page received from back-end server due to restriction caused by 'X-Frame-Options: DENY' response header. ... Conditions ... -- Same-origin HTTP request with explicit default port number in origin URL, for example: GET /frame.html HTTP/1.1 Host: http://some.com Origin: http://some.com:80/index.html Such a request may be produced by the browser parsing the following HTML page: <head><base href=http://some.com:80/index.html ></head> <iframe src=frame.html></iframe> -- HTTP response from back-end server with 'X-Frame-Option: SAMEORIGIN' header. ... Use iRule to remove 'X-Frame-Options: DENY' response header when necessary. ... Fix Information ... Now Portal Access handles correctly any same-origin HTTP requests with default HTTP port in the origin URL. ... Behavior Change

Change history

2025-04-28 Added: 14.0.0, 14.0.0.1, 14.0.0.2, 14.0.0.3, 14.0.0.4, 14.0.0.5, 14.0.1, 14.0.1.1

Top F5 Defects

9.4Defect ID: 1474081
Central Manager upgrade fails, leaving VM in maintenance mode
9.4Defect ID: 1624777
Tenants will not deploy since Orchestration Agent process is continuously generating a core
9.4Defect ID: 1314169
Tenant service-id mismatch between fdb mac-table and service-instance entries
9.4Defect ID: 1117277
Occasional issue observed when tenant deployed on r2xxx/r4xxx series
9.3Defect ID: 1315121
Key migration failure and potential corruption updating to 1.5.0 or later with deployed tenants

F5 Integration

Learn more about where this data comes from

F5 Integration

Learn more

Bug Scrub Advisor

Streamline upgrades with automated vendor bug scrubs

Bug Scrub Advisor

Learn more

BugZero Enterprise

Wish you caught this bug sooner? Get proactive today.

BugZero Enterprise

Learn more

Ready to prevent the next vendor outage?

Get a demo

OPERATIONAL DEFECT DATABASE

F5 - Defect ID: 711546

Portal Access: 'X-Frame-Options: DENY' header may be erroneously added to HTTP response

F5 - Defect ID: 711546

Portal Access: 'X-Frame-Options: DENY' header may be erroneously added to HTTP response

Last updated on April 28th, 2025

BugZero Risk Score6.6 Medium

Bug Details

Links

Top F5 Defects

Ready to prevent the next vendor outage?

BugZero Risk Score
6.6 Medium