Last Modified: Dec 17, 2024
Affected Product(s):
BIG-IP ASM
Known Affected Versions:
17.1.1.3, 17.1.1.4, 17.1.2
Opened: Aug 25, 2024 Severity: 3-Major Related Article:
K000141079
ASM inserts a trailing semicolon in the TS cookie, disrupting applications that do not expect it. For example: Set-Cookie: TS01e598a2=018d578595eac155bac90a9dac4562f0c357fa23f53c83b38f057138f89dbda17976c061d9a60c0dca82491a94744e566b62469281; Path=/; Set-Cookie: TS01e598a2028=0101747a8abb3052a8487a52e0e6de781695602a00e66c53fff71760ff70be79fd26ba42ca5db34438591fefc96318d24a3b065d6e; Path=/;
The service is disrupted for applications that are not equipped to handle the trailing semicolon.
This behavior is observed in BIG-IP version 17.0.0 and higher releases. In releases prior to BIG-IP 17.0.0, this trailing semicolon is not added.
An iRule can be used to workaround this issue: Following is an example: when HTTP_RESPONSE_RELEASE { # Check if the response has a Set-Cookie header if {[HTTP::header exists "Set-Cookie"]} { set header_list [HTTP::header values "Set-Cookie"] HTTP::header remove "Set-Cookie" foreach cookie_header $header_list { # Use regex to remove the trailing semicolon set modified_cookie_header [regsub -all {;[\s]*$} $cookie_header ""] # Replace the Set-Cookie header with the modified one HTTP::header insert "Set-Cookie" $modified_cookie_header unset modified_cookie_header } } }
None