Bug ID 648639: TS cookie name contains NULL or other raw byte

Last Modified: Dec 14, 2018

Bug Tracker

Affected Product:  See more info
BIG-IP ASM(all modules)

Known Affected Versions:
12.1.0, 12.1.0 HF1, 12.1.0 HF2, 12.1.1, 12.1.1 HF1, 12.1.1 HF2, 12.1.2, 12.1.2 HF1, 12.1.2 HF2, 12.1.3, 12.1.3.1, 12.1.3.2, 12.1.3.3, 12.1.3.4, 12.1.3.5, 12.1.3.6, 13.0.0, 13.0.0 HF1, 13.0.0 HF2, 13.0.0 HF3

Fixed In:
13.1.0, 13.0.1, 12.1.3.7

Opened: Mar 02, 2017
Severity: 3-Major
Related AskF5 Article:
K92201230

Symptoms

The TS cookie name may intermittently contain NULL.

Impact

False positives triggered on modified domain cookies.

Conditions

This can occur intermittently when ASM is provisioned and has a unique combination of security policy name and the server's cookie attributes (path and domain).

Workaround

To resolve this, change the policy security name.

Fix Information

Fixed an issue with the TS cookie name length.

Behavior Change