Bug ID 1581533

Bug Tracker
ID 1581533

Bug ID 1581533: Existing SameSite attribute for cookie is not detected in response in case of no closing semi-colon after attribute's value

Last Modified: Feb 28, 2025

Affected Product(s):
BIG-IP ASM(all modules)

Fixed In:
17.5.0, 17.1.2

Opened: Apr 24, 2024

Severity: 3-Major

Symptoms

The system does not properly recognize the presence of the SameSite=Strict attribute when the attribute value is not followed by a semi-colon, leading to the unintended addition of another SameSite attribute.

Impact

This behavior affects the integrity of the SameSite attribute in cookies

Conditions

Occurs when the SameSite=Strict attribute in the response header does not have a closing semi-colon.

Workaround

None

Fix Information

SameSite attribute is correctly identified, regardless of the presence of a trailing semi-colon

Guides & references

K10134038: F5 Bug Tracker Filter Names and Tips