Last Modified: May 29, 2024
Affected Product(s):
BIG-IP ASM
Fixed In:
17.0.0
Opened: Jul 29, 2020
Severity: 3-Major
Improper handling of multiple cookies results in a security bypass when certain server technologies are used. ASM handles multiple Cookie headers separately, but the backend server concatenates them, which can allow attacks that evade signature detection.
Negative security enforcement can be bypassed; certain server technologies are affected.
PHP server technology is used as the backend, and a specially crafted request is sent with multiple Cookie headers.
None
Templates are modified to change the default value of 'Repeated Occurrences' for HTTP header 'cookie' to 'Disallow'.
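The check that the 'Disallow' setting implies, counting Cookie headers in a request and rejecting repeats, can be sketched as follows. This is an added example, not F5 code or ASM's implementation; the function names, verdict strings and sample requests are constructed for illustration.

```python
# Added example: emulates a 'Repeated Occurrences' check for the Cookie header.
# Not ASM code; names, verdicts and sample requests are constructed.

def header_values(raw_request: bytes, name: str) -> list:
    """Return every value of header `name` (case-insensitive), in wire order."""
    head = raw_request.split(b"\r\n\r\n", 1)[0].decode("latin-1")
    values, in_target = [], False
    for line in head.split("\r\n")[1:]:          # skip the request line
        if line[:1] in (" ", "\t"):              # folded continuation line
            if in_target:
                values[-1] += " " + line.strip()
            continue
        field, sep, value = line.partition(":")
        in_target = bool(sep) and field.strip().lower() == name.lower()
        if in_target:
            values.append(value.strip())
    return values

def evaluate(raw_request: bytes, repeated_occurrences: str = "Disallow"):
    """Return (verdict, cookie_header_count) for one raw HTTP/1.x request."""
    count = len(header_values(raw_request, "cookie"))
    if count > 1 and repeated_occurrences == "Disallow":
        return ("block", count)
    return ("allow", count)

# Constructed sample requests.
SINGLE = b"GET / HTTP/1.1\r\nHost: app.example\r\nCookie: a=1; b=2\r\n\r\n"
REPEATED = (b"GET / HTTP/1.1\r\nHost: app.example\r\n"
            b"Cookie: a=1\r\ncookie: b=2\r\n\r\n")
FOLDED = b"GET / HTTP/1.1\r\nHost: app.example\r\nCookie: a=1;\r\n b=2\r\n\r\n"

if __name__ == "__main__":
    for label, req in (("single", SINGLE), ("repeated", REPEATED),
                       ("folded", FOLDED)):
        print(label, evaluate(req))
```

Header names are compared case-insensitively and a folded continuation line is counted as part of the header it continues, so neither changes the count.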