Bug ID 658462: Portal Access: tmm may crash if web application uses long cookie names and/or values

Last Modified: May 14, 2019

Bug Tracker

Affected Product:  See more info
BIG-IP APM(all modules)

Known Affected Versions:
13.0.0, 13.0.0 HF1, 13.0.0 HF2, 13.0.0 HF3

Fixed In:
13.1.0, 13.0.1

Opened: Apr 13, 2017
Severity: 2-Critical
Related AskF5 Article:
K10251490

Symptoms

If JavaScript code sets a very long cookie value or uses very long cookie name (longer than 450 bytes), tmm may crash processing this cookie change.

Impact

tmm crashes. Traffic disrupted while tmm restarts. System failover.

Conditions

This issue occurs when all of the following conditions are met: -- Your BIG-IP APM system is configured with a portal access profile. -- A user establishes a portal access session using a Google Chrome or Microsoft Edge browser. -- Content processed by the portal access includes a JavaScript-generated HTTP cookie in which the cookie name or cookie value exceed 450 bytes.

Workaround

Use an iRule to remove 'Origin' header from any request to '/private/fm/volatile.html'. Note: This iRule has to enable events for internal requests using 'ACCESS::restrict_irule_events enable' command.

Fix Information

TMM no longer crashes when an APM Portal Access web application uses long cookie values and/or names.

Behavior Change