kridsana
Jan 08, 2019Cirrocumulus
Vulnerabilities on Configuration utility login page.
Hi everyone
I've perform pen-testing and found vulnerabilities on Configuration utility login page like this.
1.) Detect that F5 BIG-IP web management interface is running on this port. (Not sure if it's due to header F5-Login-Page: true, or not.)
2.) HTTP packet inspection. It's show HTTP protocol version used, whether HTTP Keep-Alive and HTTP pipelining are enabled from Configuration utility login page.
Can we mitigate these two issue?
ps. about (1) I think it's due to header F5-Login-Page but didn't know how to remove this header.
about (2) Not sure how to fix this. Might have to perform packet filter IP on httpd services.
thank you