Last Modified: May 29, 2024
Affected Product(s):
BIG-IP All
Known Affected Versions:
14.1.0, 14.1.0.1, 14.1.0.2, 14.1.0.3, 14.1.0.5, 14.1.0.6, 14.1.2, 14.1.2.1, 14.1.2.2, 14.1.2.3, 14.1.2.4, 14.1.2.5, 14.1.2.6, 15.0.0, 15.0.1, 15.0.1.1, 15.0.1.2, 15.0.1.3, 15.1.0, 15.1.0.1, 15.1.0.2, 15.1.0.3, 15.1.0.4
Fixed In:
16.0.0, 15.1.0.5, 15.0.1.4, 14.1.2.7
Opened: Aug 20, 2019 Severity: 2-Critical
The session and authentication cookies are created using a limited character set.
Cookies are created with a less broad character set than they could be.
Creating session and authentication cookies.
None.
JSESSIONIDs and AuthCookies are created using a wider character set.
This release changes the format of the BIGIPAuthCookie and JSESSIONID cookies to use a larger alphabet during encoding (case sensitive alphanumeric).