Bug ID 648639: TS http cookie name contains a NULL character or some other raw byte

Last Modified: Aug 30, 2025

Affected Product(s):
BIG-IP ASM(all modules)

Known Affected Versions:
12.1.2, 12.1.2 HF1, 12.1.2 HF2, 12.1.3, 12.1.3.1, 12.1.3.2, 12.1.3.3, 12.1.3.4, 12.1.3.5, 12.1.3.6, 13.0.0, 13.0.0 HF1, 13.0.0 HF2, 13.0.0 HF3

Fixed In:
13.1.0, 13.0.1, 12.1.3.7

Opened: Mar 02, 2017

Severity: 3-Major

Related Article: K92201230

Symptoms

The TS http cookie name may intermittently contain a NULL (ASCII character number 0x00) character

Impact

False positives triggered on modified domain cookies.

Conditions

This can occur intermittently when ASM is provisioned and has a unique combination of security policy name and the server's cookie attributes (path and domain).

Workaround

To resolve this, change the policy security name.

Fix Information

Fixed an issue with the TS cookie name length.

Behavior Change

Guides & references

K10134038: F5 Bug Tracker Filter Names and Tips