Bug ID 799293: Cookie is masked when not configured to be masked

Last Modified: Aug 23, 2022

Bug Tracker

Affected Product:  See more info
BIG-IP ASM(all modules)

Known Affected Versions:
14.1.0,,,,,, 14.1.2,,,,,,,,, 14.1.3,, 14.1.4,,,,,,, 14.1.5,, 15.0.0, 15.0.1,,,,, 15.1.0,,,,,, 15.1.1, 15.1.2,, 15.1.3,, 15.1.4,, 15.1.5,, 15.1.6,, 16.0.0,, 16.0.1,,

Fixed In:

Opened: Jun 27, 2019
Severity: 4-Minor


Cookie is assumed to be sensitive data in attack-signature violation details, if another cookie in the same request is configured to be masked.


The attack-signature cookie is masked in attack-signature violation details.


-- Two cookies are present in the same request. -- One of the cookies does not raise attack-signature violation and is configured to be masked. -- The other cookie raises an attack-signature violation and is not defined to be masked.



Fix Information

The cookie that was not defined to be masked is no longer masked.

Behavior Change