Last Modified: Nov 07, 2022
Affected Product:
See more info
BIG-IP APM
Known Affected Versions:
11.2.1, 11.4.1, 11.5.1, 11.5.1 HF1, 11.5.1 HF10, 11.5.1 HF11, 11.5.1 HF2, 11.5.1 HF3, 11.5.1 HF4, 11.5.1 HF5, 11.5.1 HF6, 11.5.1 HF7, 11.5.1 HF8, 11.5.1 HF9, 11.5.10, 11.5.2, 11.5.2 HF1, 11.5.3, 11.5.3 HF1, 11.5.3 HF2, 11.5.4, 11.5.4 HF1, 11.6.0, 11.6.0 HF1, 11.6.0 HF2, 11.6.0 HF3, 11.6.0 HF4, 11.6.0 HF5, 11.6.0 HF6, 11.6.0 HF7, 11.6.0 HF8
Fixed In:
12.1.0, 11.6.1, 11.5.4 HF2, 11.4.1 HF10
Opened: Oct 14, 2015
Severity: 3-Major
401 responses containing Set-Cookie headers might not be processed correctly. Domains that begin with a dot will be truncated and the cookies will not be sent to pool members.
Cookies assigned during the authentication handshake might not be sent to pool members.
An access policy needs to use Basic or NTLM authentication and one or more of the 401 responses must contain Set-Cookie headers. If a domain is specified and the domain begins with a dot, it will not be processed correctly.
An iRule can be used to process the 401 responses and remove any leading dots from domain fields of Set-Cookie headers.
Domain fields in Set-Cookie headers found in 401 responses are processed correctly.
