For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

Pramod_Gopala_1's avatar
Pramod_Gopala_1
Icon for Nimbostratus rankNimbostratus
Dec 01, 2015

phpinfo Information Disclosure Vulnerability

During a PCI scan test the report has phpinfo Information Disclosure Vulnerability. This was reported on the Public IP of F5's Virtual server.   Can anyone suggest me how to get rid of this vulner...
application delivery
BIG-IP
LTM
koenning_107182's avatar
koenning_107182
Icon for Nimbostratus rankNimbostratus
Dec 01, 2015

Generally this means the code on the pool member side contains a php_info() function call somewhere. If your security scanner exposed this vulnerability, it should also report the URL path returning the output of php_info(). If that URL path (better terminology is URI) is not essential to your application, then you can simply block it with an iRule returning an empty response.

 

when HTTP_REQUEST {
  if { [HTTP::uri] starts_with "/your/unique/uri/which/is/vulnerable" } {
     HTTP::respond 200 content ""
 }
}

Let me know if that helps

 

Christian

 

Pramod_Gopala_1's avatar
Pramod_Gopala_1
Icon for Nimbostratus rankNimbostratus
Dec 01, 2015
Thanks Chris.. I have done the changes as you mentioned to the URI's with php_info(). On our new compliance test this weekend it will be get tested, will share you the result. Again Thanks a lot!! Pramod