Lucene search
F5F5:K88162221HistoryFeb 10, 2021 - 12:00 a.m.
K88162221 : The BIG-IP ASM system may not properly perform signature checks on cookies
2021-02-1000:00:00
my.f5.com
19
Security Advisory Description
The BIG-IP ASM system may not properly perform signature checks on cookies.
This issue occurs when the following condition is met:
- You have a security policy enabled with cookie scope attack signatures.
Impact
Cookies containing malicious payload may pass through the system without logging a violation.
Symptoms
As a result of this issue, you may encounter the following symptom:
- Some attack signatures do not match a cookie with malicious content, and the system forwards the cookie to the backend hosts without logging a violation.
| CPE | Name | Operator | Version |
|---|---|---|---|
| big-ip asm | eq | 11.6.1 | |
| big-ip asm | eq | 11.6.2 | |
| big-ip asm | eq | 11.6.3 | |
| big-ip asm | eq | 11.6.4 | |
| big-ip asm | eq | 11.6.5 | |
| big-ip asm | eq | 12.1.0 | |
| big-ip asm | eq | 12.1.1 | |
| big-ip asm | eq | 12.1.2 | |
| big-ip asm | eq | 12.1.3 | |
| big-ip asm | eq | 12.1.4 |
Related
cve
cve
CVE-2021-23007
2021-03-31 18:15:15
f5
f5
K23022557 : The BIG-IP system may respond with the NXDOMAIN status when it receives a DNS query of a certain type on a CNAME wide IP
2017-03-06 00:00:00
K37451543 : TMM vulnerability CVE-2021-23007
2021-03-19 00:00:00
K31934524 : BIG-IP SNAT vulnerability CVE-2021-22998
2021-03-10 00:00:00
nessus
nessus
F5 Networks BIG-IP : TMM vulnerability (K37451543)
2021-04-01 00:00:00
cvelist
cvelist
CVE-2021-23007
2021-03-31 17:43:02
prion
prion
Code injection
2021-03-31 18:15:00
nvd
nvd
CVE-2021-23007
2021-03-31 18:15:15