Bug ID 765365: ASM tries to send response cookies after response headers already forwarded - makes CSRF false positive

Last Modified: Jul 03, 2019

Bug Tracker

Affected Product:
BIG-IP ASM(all modules)

Known Affected Versions:
12.1.0, 12.1.0 HF1, 12.1.0 HF2, 12.1.1, 12.1.1 HF1, 12.1.1 HF2, 12.1.2, 12.1.2 HF1, 12.1.2 HF2, 12.1.3, 12.1.3.1, 12.1.3.2, 12.1.3.3, 12.1.3.4, 12.1.3.5, 12.1.3.6, 12.1.3.7, 12.1.4, 12.1.4.1, 13.0.0, 13.0.0 HF1, 13.0.0 HF2, 13.0.0 HF3, 13.0.1, 13.1.0, 13.1.0.1, 13.1.0.2, 13.1.0.3, 13.1.0.4, 13.1.0.5, 13.1.0.6, 13.1.0.7, 13.1.0.8, 13.1.1, 13.1.1.1, 13.1.1.2, 13.1.1.3, 13.1.1.4, 13.1.1.5, 14.0.0, 14.0.0.1, 14.0.0.2, 14.0.0.3, 14.0.0.4, 14.0.0.5, 14.1.0, 14.1.0.1, 14.1.0.2, 14.1.0.3, 14.1.0.4, 14.1.0.5, 14.1.0.6, 15.0.0

Opened: Mar 26, 2019
Severity: 4-Minor

Symptoms

ASM blocks a legitimate request and raises CSRF false-positive violations when the CSRF JavaScript code is injected into a page that has no HTML tag.

Impact

HTTP requests are sometimes blocked when they should not be.

Conditions

-- ASM provisioned.
-- ASM policy attached to a virtual server.
-- CSRF protection configured.
-- HTML page learning features enabled (Brute Force / Web Scraping).
-- CSRF JavaScript code is injected into a page without an HTML tag.

Workaround

To work around this issue, set the ASM internal parameter and then restart ASM, as follows:

    /usr/share/ts/bin/add_del_internal add cs_resp_ingress_count 1
    bigstart restart asm

Fix Information

None

Behavior Change