Bug ID 1579553: Signatures triggered for cookies with empty values after upgrade to 17.1.1.1

Last Modified: Jun 13, 2024

Affected Product(s):
BIG-IP ASM, Install/Upgrade(all modules)

Known Affected Versions:
17.1.1.1, 17.1.1.2, 17.1.1.3

Opened: Apr 16, 2024

Severity: 3-Major

Symptoms

A "cc" execution attempt violation is triggered even though it doesn't have any value.

Impact

Valid request getting blocked

Conditions

1. "cc" execution attempt signature enforced. 2. Cookie with some "cc" characters in its value followed by a cookie with empty value.

Workaround

Rearranging the cookies will not cause violation.

Fix Information

None

Behavior Change

Guides & references

K10134038: F5 Bug Tracker Filter Names and Tips