Bug ID 751710: False positive cookie hijacking violation

Last Modified: May 23, 2019

Bug Tracker

Affected Product:  See more info
BIG-IP ASM(all modules)

Known Affected Versions:
13.1.0, 13.1.0.1, 13.1.0.2, 13.1.0.3, 13.1.0.4, 13.1.0.5, 13.1.0.6, 13.1.0.7, 13.1.0.8, 13.1.1, 13.1.1.1, 13.1.1.2, 13.1.1.3, 13.1.1.4

Fixed In:
15.0.0, 13.1.1.5

Opened: Dec 03, 2018
Severity: 3-Major

Symptoms

A false positive cookie hijacking violation.

Impact

False positive violation / blocking.

Conditions

-- Several sites are configured on the policy, without subdomain. -- TS cookies are sent with the higher domain level then the configured. -- A single cookie from another host (that belongs to the same policy) arrives and is mistaken as the other site cookie.

Workaround

N/A

Fix Information

None

Behavior Change