Last Modified: Apr 28, 2025
Affected Product(s):
BIG-IP APM
Known Affected Versions:
11.6.0, 11.5.3, 11.5.2, 11.5.1, 11.4.1, 11.2.1
Fixed In:
11.6.0 HF6, 11.5.4
Opened: Apr 15, 2015 Severity: 3-Major Related Article:
K16524
'Set-Cookie' headers are syntactically invalid.
'Set-Cookie' headers in the client side become syntactically invalid (two 'Path' values that can be contradictory, plus a broken 'Expires' string).
Rewrite profile and 'Set-Cookie' header has 'Expires' attribute before 'Path' attribute.
Put the 'Path' attribute before 'Expires' attribute.
The 'Expires' attribute is now properly parsed.