We're seeing an issue with the HTTP route assertion related to request header (cookie) processing after installing CR02 on our non-prod server.
In the integration with SAP, the API Gateway generates a SAML response and passes it in a POST body to the SAP ACS endpoint, and in response SAP generates a session cookie. Since CR02, however, this behavior is intermittent: the Gateway gets the session cookie sometimes but not at other times.
Release: 10.1
Bug in the updated HTTP client library, specific to routing.
Security advisory regarding GW 10.1 CR02
The patches from the DCT show that the older CR02 was applied. This patch has a bug in the HTTP client library, specific to routing, which causes the behavior you are seeing.
ssg-appliance-10.1.00-13889_CR02.x86_64
ssg-10.1.00-13889_CR02.noarch
Link to the patches page:
https://support.broadcom.com/web/ecx/solutiondetails?aparNo=99111613&os=LINUX%20-ALL
Bad: Layer7_API_Gateway_v10.1.00.13889-CR02.L7P
Good: Layer7_API_Gateway_v10.1.00.14326-CR02.L7P
The patch Layer7_API_Gateway_v10.1.00.14326-CR02.L7P can be applied on top of the old CR02.
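To check a Gateway for the old CR02 build before and after patching, the following added example (not Broadcom code) parses package names in the form shown above and flags build 13889 of CR02. The function name `check_cr02_builds` is hypothetical, and it assumes the input is the output of `rpm -qa 'ssg*'` with the architecture suffix present.

```shell
#!/bin/sh
# Added example, not Broadcom code. Flags the CR02 build the article marks as bad.
BAD_VER=10.1.00; BAD_BUILD=13889; BAD_CR=CR02   # values from the article

# check_cr02_builds (hypothetical name): reads package names on stdin in the
# form "<name>-<version>-<build>_<CR>.<arch>", prints one status line per ssg
# package, and returns 1 if any package is the known-bad build.
check_cr02_builds() {
    affected=0
    while IFS= read -r pkg; do
        case "$pkg" in
            ssg-*) ;;            # only Gateway packages
            *) continue ;;
        esac
        rel=${pkg%.*}            # drop ".noarch" / ".x86_64"
        ver=${rel%-*}            # "ssg-10.1.00"
        ver=${ver##*-}           # "10.1.00"
        rel=${rel##*-}           # "13889_CR02"
        case "$rel" in
            *_*) build=${rel%%_*}; cr=${rel#*_} ;;
            *)   build=$rel; cr= ;;          # base install, no CR suffix
        esac
        if [ "$ver" = "$BAD_VER" ] && [ "$build" = "$BAD_BUILD" ] && [ "$cr" = "$BAD_CR" ]; then
            printf '%s AFFECTED (old %s build %s)\n' "$pkg" "$cr" "$build"
            affected=1
        else
            printf '%s not the known-bad build (%s_%s)\n' "$pkg" "$BAD_BUILD" "$BAD_CR"
        fi
    done
    return "$affected"
}

# Constructed sample run using the two package names listed in the article.
# On an appliance the input would come from: rpm -qa 'ssg*'
printf '%s\n' \
    'ssg-appliance-10.1.00-13889_CR02.x86_64' \
    'ssg-10.1.00-13889_CR02.noarch' |
    check_cr02_builds || echo 'Apply Layer7_API_Gateway_v10.1.00.14326-CR02.L7P'
```

The check only recognizes the 13889 build named in this article; how the package names read after the 14326 patch is applied is not shown on this page, so any other build is reported simply as not the known-bad one.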