K11453402 : BIG-IP Cookie encryption security exposure

2024-02-1400:00:00

my.f5.com

big-ip

cookie encryption

security exposure

http profile

back-end servers

duplicate cookies

7 High

AI Score

Confidence

Low

JSON

Security Advisory Description

When HTTP Profile Cookie encryption is enabled, duplicate HTTP cookies may be passed on to back-end servers.

This issue occurs when the following condition is met:

The virtual server has an HTTP Profile with Cookie Encryption enabled.

Impact

The back-end pool member may receive duplicate HTTP cookies.

Symptoms

As a result of this issue, you may encounter the following symptom:

Duplicate HTTP Cookies may not be evaluated by the HTTP Profile Cookie Encryption feature.

CPENameOperatorVersion
big-ip next central managereq20.0.1
big-ip next central managereq20.0.2
big-ip next central managereq20.1.0
big-ip next cgnat cnfeq1.1.0
big-ip next cgnat cnfeq1.1.1
big-ip next cgnat cnfeq1.2.0
big-ip next cgnat cnfeq1.2.1
big-ip next dns cnfeq1.1.0
big-ip next dns cnfeq1.1.1
big-ip next dns cnfeq1.2.0

Name	Operator	Version
big-ip next central manager	eq	20.0.1
big-ip next central manager	eq	20.0.2
big-ip next central manager	eq	20.1.0
big-ip next cgnat cnf	eq	1.1.0
big-ip next cgnat cnf	eq	1.1.1
big-ip next cgnat cnf	eq	1.2.0
big-ip next cgnat cnf	eq	1.2.1
big-ip next dns cnf	eq	1.1.0
big-ip next dns cnf	eq	1.1.1
big-ip next dns cnf	eq	1.2.0

Rows per page:

1-10 of 4091

7 High

AI Score

Confidence

Low

JSON