Last Modified: Nov 07, 2022
Affected Product(s):
BIG-IP ASM
Known Affected Versions:
11.6.0, 11.6.0 HF1, 11.6.0 HF2, 11.6.0 HF3, 11.6.0 HF4, 11.6.0 HF5, 11.6.0 HF6, 11.6.0 HF7, 11.6.0 HF8, 11.6.1, 11.6.1 HF1, 11.6.1 HF2, 11.6.2, 11.6.2 HF1, 11.6.3, 11.6.3.1, 11.6.3.2, 11.6.3.3, 11.6.3.4, 11.6.4, 11.6.5, 11.6.5.1, 11.6.5.2, 11.6.5.3
Fixed In:
12.0.0
Opened: Nov 17, 2014
Severity: 3-Major
If you look at the default cookie header configuration on the Security > Application Security > Headers > HTTP Headers screen, you see that the cookie line is not being checked by signatures. In fact, it is being checked by the parameter value signatures and not by the header signatures.
Misleading description of default cookie header
Go to Application Security > Headers > HTTP Headers and view the default cookie header properties.
None
For clarity, we added a special note next to the "check signatures" check box on the Security > Application Security > Headers > HTTP Headers screen.