Bug ID 491133: Misleading description of default cookie header

Last Modified: Mar 21, 2019

Affected Product:
BIG-IP ASM (all modules)

Known Affected Versions:
11.6.0, 11.6.0 HF1, 11.6.0 HF2, 11.6.0 HF3, 11.6.0 HF4, 11.6.0 HF5, 11.6.0 HF6, 11.6.0 HF7, 11.6.0 HF8, 11.6.1, 11.6.1 HF1, 11.6.1 HF2, 11.6.2, 11.6.2 HF1, 11.6.3, 11.6.3.1, 11.6.3.2, 11.6.3.3, 11.6.3.4, 11.6.4

Fixed In:
12.0.0

Opened: Nov 17, 2014
Severity: 3-Major

Symptoms

If you look at the default cookie header configuration on the Security > Application Security > Headers > HTTP Headers screen, you see that the cookie line is not being checked by signatures. In fact, it is being checked by the parameter value signatures and not by the header signatures.

Impact

Misleading description of default cookie header

Conditions

Go to Application Security > Headers > HTTP Headers and view the default cookie header properties.

Workaround

None

Fix Information

For clarity, we added a special note next to the "check signatures" check box on the Security > Application Security > Headers > HTTP Headers screen.

Behavior Change