Bug ID 726377: False-positive cookie hijacking violation

Last Modified: Jan 01, 2023

Bug Tracker

Affected Product: BIG-IP ASM (all modules)

Known Affected Versions:
13.0.0, 13.0.0 HF1, 13.0.0 HF2, 13.0.0 HF3, 13.0.1, 13.1.0, 13.1.0.1, 13.1.0.2, 13.1.0.3, 13.1.0.4, 13.1.0.5, 13.1.0.6, 13.1.0.7

Fixed In:
14.1.0, 14.0.0, 13.1.0.8

Opened: Jul 01, 2018
Severity: 3-Major

Symptoms

A false-positive cookie hijacking violation.

Impact

False positive violation / blocking.

Conditions

-- Several sites are configured on the policy, without subdomains.
-- TS cookies are sent with a higher domain level than the configured one.
-- A single cookie from another host (one that belongs to the same policy) arrives and is mistaken for the other site's cookie.

Workaround

When the device ID feature is turned off, the cookie hijacking violation is almost never relevant, because it can only detect cases where some of the TS cookies were taken. The suggested workaround is to turn off this violation.

Fix Information

The false-positive cookie hijacking violation no longer occurs in some scenarios when working with multiple domains.

Behavior Change