
kridsana
Jan 08, 2019

Vulnerabilities on Configuration utility login page.

Hi everyone

 

I've performed pen-testing and found vulnerabilities on the Configuration utility login page like this.

 

1.) Detected that the F5 BIG-IP web management interface is running on this port. (Not sure if it's due to the header F5-Login-Page: true, or not.)

 

2.) HTTP packet inspection. It shows the HTTP protocol version used and whether HTTP Keep-Alive and HTTP pipelining are enabled, from the Configuration utility login page.

 

Can we mitigate these two issues?

 

P.S. About (1): I think it's due to the header F5-Login-Page, but I didn't know how to remove this header.

 

About (2): not sure how to fix this. Might have to perform IP packet filtering on httpd services.

 

Thank you