Last Modified: Sep 13, 2023
Affected Product(s):
BIG-IP ASM
Known Affected Versions:
12.1.1, 12.1.2
Fixed In:
13.0.0, 12.1.3
Opened: May 26, 2016
Severity: 3-Major
Related Article:
K11833633
Cookie Signature overrides may be ignored after Attack Signature Update.
The system detects an attack signature violation for the object.
This issue occurs when all of the following conditions are met:
-- Your BIG-IP ASM security policy is configured with an allowed cookie where Check attack signatures on this cookie is cleared (disabled).
-- You install a Security Update Attack Signatures file.
-- Your BIG-IP ASM system processes traffic that matches an attack signature for the URL or cookie that is configured with the attack signature override.
To work around this issue, you can modify the security policy settings and override (disable) the ability to check attack signatures on cookies. To do so, perform the following procedure in accordance with the object that is affected in your security policy:
Impact of workaround: Performing the following procedures should not have a negative impact on your system.
Disabling Check attack signatures on cookies
The following procedure disables checking of attack signatures for the allowed cookie.
1. Log in to the Configuration utility.
2. Navigate to Security :: Application Security :: Headers :: Cookie List.
3. Click the Allowed Cookies tab.
4. Click the name of the cookie.
5. Click the Attack Signatures tab.
6. Clear the Attack Signatures box.
7. Click Update.
8. Click Apply Policy.
Cookie Signature overrides are observed correctly, even after Signature Update.