Bug ID 683241: Improve CSRF token handling

Last Modified: Sep 13, 2023

Affected Product(s):
BIG-IP ASM(all modules)

Known Affected Versions:
11.5.4, 11.5.5, 11.6.0, 11.6.1, 11.6.2, 11.6.3, 11.6.3.1, 12.0.0, 12.0.0 HF1, 12.1.0 HF1, 12.0.0 HF2, 12.1.0 HF2, 12.0.0 HF3, 12.0.0 HF4, 12.1.1 HF1, 12.1.1 HF2, 12.1.2 HF1, 12.1.2 HF2, 12.1.0, 12.1.1, 12.1.2, 12.1.3, 12.1.3.1, 12.1.3.2, 12.1.3.3, 12.1.3.4, 12.1.3.5, 13.0.0, 13.0.0 HF1, 13.0.0 HF2, 13.0.0 HF3, 13.0.1, 13.1.0, 13.1.0.1, 13.1.0.2, 13.1.0.3, 13.1.0.4, 13.1.0.5, 14.0.0, 14.0.0.1, 14.0.0.2, 14.0.0.3, 14.0.0.4, 14.0.0.5, 14.0.1, 14.0.1.1

Fixed In:
14.1.0, 13.1.0.6, 12.1.3.6, 11.6.3.2, 11.5.6

Opened: Sep 13, 2017

Severity: 3-Major

Related Article: K70517410

Symptoms

Under certain conditions, CSRF token handling does not follow current best practices.

Impact

CSRF token handling does not follow current best practices.

Conditions

CSRF is configured.

Workaround

None.

Fix Information

CSRF token handling now follows current best practices.

Behavior Change

Guides & references

K10134038: F5 Bug Tracker Filter Names and Tips