Bug ID 830341: False positives Mismatched message key on ASM TS cookie

Last Modified: Sep 23, 2021

Bug Tracker

Affected Product:  See more info
BIG-IP ASM(all modules)

Known Affected Versions:
13.0.0, 13.0.0 HF1, 13.0.0 HF2, 13.0.0 HF3, 13.0.1, 13.1.0,,,,,,,,, 13.1.1,,,,, 13.1.3,,,,,,, 13.1.4, 14.0.0,,,,,, 14.0.1,, 14.1.0,,,,,, 14.1.2,,,,,,,,, 14.1.3,, 14.1.4,, 15.0.0, 15.0.1,,,,, 15.1.0,,,,,, 15.1.1, 15.1.2,, 15.1.3,, 16.0.0,, 16.0.1,

Fixed In:, 15.1.4,,

Opened: Sep 23, 2019
Severity: 3-Major


ASM system triggers false positives for ASM Cookie Hijacking violation with reason "Mismatched message key"


All subsequent requests are rejected on ASM Cookie Hijacking violation


-- An HTTP request containing an old frame cookie with a different message key from the main ts cookie is rejected -- The cookie is left intact


1. Disable "Learn Host Names" flag all policies. If the policy builder is on manual mode, they need to change it back to Auto mode, disable "Learn Host Names", then change to manual mode. OR 2. Delete the mismatched cookie. This will cause the violations to stop occurring if the request comes from a legit endpoint

Fix Information

ASM system does not trigger false positives

Behavior Change