Last Modified: Sep 13, 2023
Affected Product(s):
BIG-IP ASM
Known Affected Versions:
13.1.1, 13.1.1.2, 13.1.1.3, 13.1.1.4, 13.1.1.5, 13.1.3, 13.1.3.1, 13.1.3.2, 13.1.3.3, 13.1.3.4, 13.1.3.5, 13.1.3.6, 13.1.4, 13.1.4.1, 13.1.5, 13.1.5.1, 14.0.0, 14.0.0.1, 14.0.0.2, 14.0.0.3, 14.0.0.4, 14.1.0, 14.1.0.1
Fixed In:
15.0.0, 14.1.0.2, 14.0.0.5
Opened: Nov 05, 2018 Severity: 3-Major
Multiple virtual servers are each using different cookie names for cookies 72, 74, and 76. This occurred because these cookie names are dependent on virtual server properties.
Anti-Bot Mobile SDK is not able to connect to multiple virtual servers using the same cookie.
-- Multiple subdomains are configured to resolve to different virtual servers with different ASM policies. -- Anti-Bot Mobile SDK attempts to connect to these virtual servers.
None.
The relevant cookie names were changed. The format TS00000000_7x (prefix/suffix may change according to configuration) is now used for cookies 72, 74, and 76, which results in identical cookie names for all configured virtual servers. This will allow Anti-Bot Mobile SDK to connect to multiple virtual servers using the same cookie.