Vulnerabilities on Configuration utility login page.

Question

Hi everyone&nbsp;
I've perform pen-testing and found vulnerabilities on Configuration utility login page like this.&nbsp;
1.) Detect that F5 BIG-IP web management interface is running on this port. (Not sure if it's due to header F5-Login-Page: true, or not.)&nbsp;
2.) HTTP packet inspection. It's show HTTP protocol version used, whether HTTP Keep-Alive and HTTP pipelining are enabled from Configuration utility login page.&nbsp;
Can we mitigate these two issue?&nbsp;
ps. about (1) I think it's due to header F5-Login-Page but didn't know how to remove this header.&nbsp;
about (2) Not sure how to fix this. Might have to perform packet filter IP on httpd services.&nbsp;
thank you&nbsp;

john_huttley_23 · Answer

What version?&nbsp;
-- John&nbsp;

Forum Discussion

Vulnerabilities on Configuration utility login page.

Recent Discussions

Background Tasks

APM with EntraID as idP / request signed

Should config via cli rather than gui?

APM Modern Customization - modify Header in user-common.js and form in user-logon.js

Which process is consuming higher CPU

Related Content

Solution for delayed BIG-IP page load of the Configuration utility

Coordinated Vulnerability Disclosure: A Balanced Approach

Enhancing Software Security with Rust: A Solution to Common Vulnerabilities

F5 utilization

Reviewing vulnerability scanner results for an Access Policy Manager (APM) protected Virtual Server

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS