Last Modified: Apr 28, 2025
Affected Product(s):
BIG-IP APM
Known Affected Versions:
10.2.4, 11.2.1, 11.4.1, 11.5.1, 11.5.1 HF1, 11.5.1 HF2, 11.5.1 HF3, 11.5.1 HF4, 11.5.1 HF5, 11.5.1 HF6, 11.5.1 HF7, 11.5.1 HF8, 11.5.1 HF9, 11.5.1 HF10, 11.5.1 HF11, 11.5.2, 11.5.2 HF1, 11.5.3, 11.5.3 HF1, 11.5.3 HF2, 11.6.0, 11.6.0 HF1, 11.6.0 HF2, 11.6.0 HF3, 11.6.0 HF4, 11.6.0 HF5
Fixed In:
12.0.0, 11.6.0 HF6, 11.5.4, 11.4.1 HF10
Opened: Jul 30, 2014
Severity: 4-Minor
Cookies assigned during back end authentication may not be returned to back end servers. The failure occurs only when the Set-Cookie header contains a domain assignment and the domain value begins with a dot.
Applications protected by the above authorization may not work.
A 401 response from a back end has Set-Cookie headers containing domain assignments that begin with a dot.
An iRule can be used to catch the 401 response. If it contains one or more Set-Cookie headers, check each for a domain attribute. Remove the initial dot in the domain value, if present.
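One way to write the workaround iRule described above. This is an added example, not F5's own code; it assumes the iRule is attached to the virtual server so that HTTP_RESPONSE fires on the back end's 401 before WebSSO reads the cookies.

```tcl
# Added example: strip the leading dot from the Domain attribute of
# Set-Cookie headers on back-end 401 responses.
# Assumption: HTTP_RESPONSE sees the 401 before WebSSO processes it.
when HTTP_RESPONSE {
    # Only the 401 challenge from the back end is affected.
    if { [HTTP::status] != 401 } { return }
    if { ![HTTP::header exists "Set-Cookie"] } { return }

    # Read every Set-Cookie value before touching the headers.
    set changed 0
    set rewritten [list]
    foreach cookie [HTTP::header values "Set-Cookie"] {
        # Match "; Domain=." case-insensitively and drop only the dot.
        # Cookies without a domain attribute, or whose domain has no
        # leading dot, pass through unchanged.
        if { [regsub -nocase {(;\s*domain\s*=\s*)\.} $cookie {\1} fixed] } {
            set changed 1
            lappend rewritten $fixed
        } else {
            lappend rewritten $cookie
        }
    }

    # Rewrite the headers only when at least one cookie was modified,
    # re-inserting the values in their original order.
    if { $changed } {
        HTTP::header remove "Set-Cookie"
        foreach cookie $rewritten {
            HTTP::header insert "Set-Cookie" $cookie
        }
    }
}
```

RFC 6265 user agents ignore a leading dot in the Domain attribute, so removing it does not change the scope of the cookie. Remove the iRule after upgrading to a version listed under Fixed In.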
WebSSO processes domain fields in Set-Cookie headers correctly.