Last Modified: Nov 07, 2022
Affected Product(s):
BIG-IP LTM
Known Affected Versions:
12.0.0, 12.0.0 HF1, 12.0.0 HF2
Fixed In:
12.1.0, 12.0.0 HF3
Opened: Nov 21, 2015 Severity: 3-Major Related Article:
K65315652
An empty value in the first cookie-pair (cookie-name and cookie-value) of the 'Set-Cookie' (or 'Set-Cookie2') HTTP response header produces cookie-parsing errors in server-side iRules using the HTTP::cookie API. For example, the following server-side HTTP response yields an empty cookie 'expires' attribute by the [HTTP::cookie expires $myCookie] iRule API: HTTP/1.1 200 OK Connection: close Content-Type: text/html Content-Length: 0 Set-Cookie: myCookie=; expires=Mon, 11-Oct-1999 22:00:00 GMT; path=/
Erroneous cookie-parsing in server-side iRules using the HTTP::cookie API, when the HTTP response has an empty value in the first cookie-pair (cookie-name and cookie-value) of the 'Set-Cookie' (or 'Set-Cookie2') HTTP header.
Server-side iRule using the HTTP::cookie API for parsing cookie attributes for an HTTP response featuring an empty value in the first cookie-pair (cookie-name and cookie-value) of the 'Set-Cookie' (or 'Set-Cookie2') HTTP header.
There is no workaround at this time.
This release fixes cookie parsing for empty cookie pair values so there are no iRule cookie parsing errors.
