For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

Chris_Paulraj_1's avatar
Chris_Paulraj_1
Icon for Nimbostratus rankNimbostratus
Jan 20, 2009

Could someone shed light on "Modified Domain Cookie" violations?

I need some help in understanding the modified cookie domain violation. Does ASM report it when a cookie gets modified at the client side (browser)? and does it also report when a cookie gets updated ...
app sec
BIG-IP Access Policy Manager (APM)
security
Chris_Paulraj_1's avatar
Chris_Paulraj_1
Icon for Nimbostratus rankNimbostratus
Jan 27, 2009
Aaron, I am able to reproduce the problem, all our application cookies are created with Session expiry and so are the F5 cookies (affinity & ASM). I also see a problem with the way ASM is reporting on these cookies, cookie name & value are misplaced on the alerts, it is reporting cookie values as cookie name for some of our cookies (not all of them). However they all show up right on cookiespy & IEWatch.