Bug ID 595900: Cookie Signature overrides may be ignored after Signature Update

Last Modified: Sep 13, 2023

Affected Product(s):
BIG-IP ASM (all modules)

Known Affected Versions:
12.1.1, 12.1.2

Fixed In:
13.0.0, 12.1.3

Opened: May 26, 2016

Severity: 3-Major

Related Article: K11833633

Symptoms

Cookie Signature overrides may be ignored after Attack Signature Update.

Impact

The system detects an attack signature violation for the object.

Conditions

This issue occurs when all of the following conditions are met:

-- Your BIG-IP ASM security policy is configured with an allowed cookie where Check attack signatures on this cookie is cleared (disabled).
-- You install a Security Update Attack Signatures file.
-- Your BIG-IP ASM system processes traffic that matches an attack signature for the URL or cookie that is configured with the attack signature override.

Workaround

To work around this issue, you can modify the security policy settings and override (disable) the ability to check attack signatures on cookies. To do so, perform the following procedure in accordance with the object that is affected in your security policy:

Impact of workaround: Performing the following procedures should not have a negative impact on your system.

Disabling Check attack signatures on cookies

The following procedure disables checking of attack signatures for the allowed cookie.

1. Log in to the Configuration utility.
2. Navigate to Security :: Application Security :: Headers :: Cookie List.
3. Click the Allowed Cookies tab.
4. Click the name of the cookie.
5. Click the Attack Signatures tab.
6. Clear the Attack Signatures box.
7. Click Update.
8. Click Apply Policy.

Fix Information

Cookie Signature overrides are observed correctly, even after Signature Update.

Behavior Change

Guides & references

K10134038: F5 Bug Tracker Filter Names and Tips