Last Modified: May 14, 2019
See more info
Known Affected Versions:
10.2.4, 11.5.1, 11.5.1 HF1, 11.5.1 HF10, 11.5.1 HF11, 11.5.1 HF2, 11.5.1 HF3, 11.5.1 HF4, 11.5.1 HF5, 11.5.1 HF6, 11.5.1 HF7, 11.5.1 HF8, 11.5.1 HF9, 11.5.2, 11.5.2 HF1, 11.5.3, 11.5.3 HF1, 11.5.3 HF2, 11.5.4, 11.5.4 HF1, 11.6.0, 11.6.0 HF1, 11.6.0 HF2, 11.6.0 HF3, 11.6.0 HF4, 11.6.0 HF5, 11.6.0 HF6, 11.6.0 HF7, 11.6.0 HF8, 11.6.1
11.6.1 HF1, 11.5.4 HF2
Opened: Oct 07, 2015
Upon repeatedly modifying the same HTTP cookie value (in the Set-Cookie header) within an iRule attached to a virtual server, the HTTP::cookie API may produce stale HTTP header data (e.g. HTTP Set-Cookie header and/or other HTTP headers).
Repeatedly altering the same HTTP cookie value in an iRule, via the HTTP::cookie API, may yield to an HTTP request/response with inconsistent HTTP header data, including but not limited to the Set-Cookie HTTP header.
LTM Virtual Server handling HTTP traffic, with iRule attached which modifies a given HTTP cookie value through the HTTP::cookie API, on ingress and/or egress traffic (through the HTTP_REQUEST and/or HTTP_RESPONSE events). An example use-case for producing the error would be encrypting and decrypting HTTP cookies via an iRule.