Forum Discussion
Girishb401
Nimbostratus
NimbostratusCookie Does Not Contain The "secure" Attribute on ltm vip
Our security team reported that multiple vulnerabilities has been detected on one of VIP: 1.2.3.4 (on BIG-IP LTM v12.1.2 version.) Please refer the list as below 1.Cookie Does Not Contain The...
Girishb401Nimbostratus
NimbostratusOK..I am not sure about that we allowed to c provision a BIG-IP ASM (new) on F5 LB.
And I also checked with F5 TAC engineer and he suggested as below
"The security scan will test the traffic all the way through the virtual server, to the pool member. Since the BIG-IP virtual server is not generating the cookie, it must be the pool member server that is generating it. Therefore, the Qualys scan would be indicating that the vulnerable component is the server, NOT the BIG-IP virtual server."
So Finally he is pointing something to check on backend server.
so I am a bit confusion what decision need to take on this