For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

Parveez_70209's avatar
Parveez_70209
Icon for Nimbostratus rankNimbostratus
Feb 25, 2014

CVE-2004-0462 - Vulnerability Issue by Alertlogic

Hi,

 

CVE-2004-0462 - Vulnerability Issue by Alertlogic . Can this be mitigated by setting a "Secure" flag on the cookie attribute with an iRule. Kindly guide into this.

 

Thanks and Regards Parveez

 

application delivery
devops
iRules

4 Replies

  • Vitaliy_Savrans's avatar
    Vitaliy_Savrans
    Icon for Nacreous rankNacreous
    Feb 25, 2014

    Hi, The Secure attribute for sensitive cookies in HTTPS sessions is not set, which could cause the user agent to send those cookies in plaintext over an HTTP session. To fix this:

    when HTTP_RESPONSE {
set myValues [HTTP::cookie names]
foreach mycookies $myValues {
   HTTP::cookie secure $mycookies enable
}
}
  • Parveez_70209's avatar
    Parveez_70209
    Icon for Nimbostratus rankNimbostratus
    Mar 04, 2014

    Hi,

     

    I just did it, thanks for letting me know about this.

     

    Will definitely do in future posts too.

     

    Thanks and Regards Parveez