Bug ID 506597: False positive cookie hijacking violation after uploading big requests

Last Modified: Nov 07, 2022

Bug Tracker

Affected Product:  See more info
BIG-IP ASM(all modules)

Known Affected Versions:
11.6.0, 11.6.0 HF1, 11.6.0 HF2, 11.6.0 HF3, 11.6.0 HF4, 11.6.0 HF5, 11.6.0 HF6, 11.6.0 HF7, 11.6.0 HF8, 11.6.1, 11.6.1 HF1, 11.6.1 HF2, 11.6.2, 11.6.2 HF1, 11.6.3, 11.6.3.1, 11.6.3.2, 11.6.3.3, 11.6.3.4, 11.6.4, 11.6.5, 11.6.5.1, 11.6.5.2, 11.6.5.3

Fixed In:
12.0.0

Opened: Feb 13, 2015
Severity: 3-Major

Symptoms

There is a false cookie hijacking violation, there is a TS cookie with _0 at the end of the cookie name.

Impact

A false violation, alarm or block.

Conditions

After uploading a big payload, a false cookie is created which in turn, upon the next request will issue the ASM cookie hijacking violation.

Workaround

Turn off the ASM cookie hijacking violation (it is off by default)

Fix Information

After uploading a big payload, a false cookie (a TS cookie with _0 at the end of the cookie name) is no longer created which in turn, upon the next request, used to issue the ASM cookie hijacking violation.

Behavior Change