Forum Discussion

Nimbostratus

Dec 30, 2013

F5 BIG-IP Cookie Information Disclosure Vulnerability

I ran into an issue, it says "F5 BIG-IP Cookie Information Disclosure Vulnerability". I tried out both solutions as follows, the problem still didn't get resolved. Did I do something wrong? Is there...

Employee

Dec 31, 2013

The default cookie persistence profile inserts a cookie into the browser that starts with "BIGipServer". Do you have any VIPs that use the default cookie persistence profile? As for the encoding, that shouldn't need to change it as long as the cookie name is unrecognizable. I suppose it is possible the scanner is picking up on the format of the cookie value, but I'm betting it's the cookie name that's causing this.

Help guide the future of your DevCentral Community!

What tools do you use to collaborate? (1min - anonymous)

DevCentral Quicklinks

* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com

Discover DevCentral Connects

* Podcasts
* Social Channels
* Video Streaming

GitHub Awesome-F5

Forum Discussion

F5 BIG-IP Cookie Information Disclosure Vulnerability

F5 Academy at AppWorld 2026

Introducing the F5 AI Assistant for BIG-IP

Recent Discussions

Checking for X-Forwarded-For against an Address Data-Group

SSL Bridging and FQDN rewrite Policy

Cisco TACACS+ Config on ISE LTM Pair

iRule causing requests to be duplicated (sometimes)

How can I get started with iCall

Related Content

Coordinated Vulnerability Disclosure: A Balanced Approach

Mitigate OWASP LLM Security Risk: Sensitive Information Disclosure Using F5 NGINX App Protect

F5 BIG-IP Cookie Remote Information Disclosure (20089)

OpenSSH vulnerability

Mitigating Log4j Vulnerability using F5 BIG-IP

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS