Last Modified: Apr 28, 2025
Affected Product(s):
BIG-IP APM
Known Affected Versions:
13.0.0, 13.0.0 HF1, 13.0.0 HF2, 13.0.0 HF3
Fixed In:
13.1.0, 13.0.1
Opened: Apr 13, 2017 Severity: 2-Critical Related Article:
K10251490
If JavaScript code sets a very long cookie value or uses very long cookie name (longer than 450 bytes), tmm may crash processing this cookie change.
tmm crashes. Traffic disrupted while tmm restarts. System failover.
This issue occurs when all of the following conditions are met: -- Your BIG-IP APM system is configured with a portal access profile. -- A user establishes a portal access session using a Google Chrome or Microsoft Edge browser. -- Content processed by the portal access includes a JavaScript-generated HTTP cookie in which the cookie name or cookie value exceed 450 bytes.
Use an iRule to remove 'Origin' header from any request to '/private/fm/volatile.html'. Note: This iRule has to enable events for internal requests using 'ACCESS::restrict_irule_events enable' command.
TMM no longer crashes when an APM Portal Access web application uses long cookie values and/or names.