Bug ID 1311997: Disable the f5_cspm and f5_p words from the AVR cookie disclosure.

Last Modified: Oct 04, 2024

Affected Product(s):
BIG-IP AVR(all modules)

Known Affected Versions:
16.1.3, 16.1.3.1, 16.1.3.2, 16.1.3.3, 16.1.3.4, 16.1.3.5, 16.1.4, 16.1.4.1, 16.1.4.2, 16.1.4.3, 16.1.5, 16.1.5.1

Opened: Jun 26, 2023

Severity: 4-Minor

Symptoms

AVR cookie disclosure shows f5_cspm and f5_p words after changing the avr.cspmcachecookiename cookie name.

Impact

Changing the avr.cspmcachecookiename won't disable the f5_cspm and f5_p words from the AVR cookie disclosure.

Conditions

While we curl the application used behind the F5 Big IP.

Workaround

To selectively disable the AVR f5_cspm injection follow the below document. https://clouddocs.f5.com/api/irules/AVR__disable_cspm_injection.html

Fix Information

None

Behavior Change

Guides & references

K10134038: F5 Bug Tracker Filter Names and Tips