Forum Discussion
Vulnerability - F5 BIG-IP COOKIE REMOTE INFORMATION DISCLOSURE
One of my clients did penetration testing on their web application, which is load balanced by the F5 LTM. The penetration tester found the following vulnerability on the F5.
Can anyone help me with how I can remove this vulnerability? My F5 version is 11.5.1.
Vulnerability Name
F5 BIG-IP COOKIE REMOTE INFORMATION DISCLOSURE
Description
The remote load balancer suffers from an information disclosure vulnerability. The remote host appears to be an F5 BIG-IP load balancer. The load balancer encodes the IP address of the actual web server that it is acting on behalf of within a cookie. Additionally, information after 'BIGipServer' is configured by the user and may be the logical name of the device. These values may disclose sensitive information, such as internal IP addresses and names.
Request Detail
Cookie: BIGipServerWpWeb-http=25615316712.29780.0000 IP: 192.168.X.10 Port: 80
Cookie: BIGipServerWpWeb-http=2600235796.20480.0000 IP: 192.168.X.15 Port: 80
Any help will be highly appreciated...
2 Replies
- amolari
Cirrostratus
F5 LTMs send session cookies in the clear (default behaviour).
Modify the HTTP profile for the virtual server that uses cookie persistence and use the encrypt cookie option.
Ref: sol14784: Configuring BIG-IP cookie encryption (10.x - 11.x)
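To see exactly what the scanner decoded from the persistence cookie, and to confirm that the fix above actually took effect, here is an added checker (not part of this thread or of F5's own tooling) that parses BIGipServer* Set-Cookie values, recovers the back-end IPv4 address and port from the plaintext encoding, and reports opaque (encrypted) values as not decodable. The cookie values and pool name in SAMPLE_HEADERS are constructed for the example.

```python
import re
import struct
import ipaddress

# Classic unencrypted IPv4 persistence cookie value:
# <IPv4 as little-endian u32, decimal>.<port with bytes swapped, decimal>.0000
_PLAIN_RE = re.compile(r"^(\d{1,10})\.(\d{1,5})\.0000$")


def decode_bigip_cookie(name, value):
    """Describe what a BIGipServer* cookie discloses; ip/port stay None if opaque."""
    if not name.startswith("BIGipServer"):
        return None
    # The text after the prefix is the pool name chosen by the admin
    info = {"pool": name[len("BIGipServer"):], "ip": None, "port": None}
    m = _PLAIN_RE.match(value)
    if m is None:  # encrypted value, or IPv6/route-domain form not handled here
        return info
    ip_num, port_num = int(m.group(1)), int(m.group(2))
    if ip_num > 0xFFFFFFFF or port_num > 0xFFFF:
        return info
    # 192.168.10.15 is stored little-endian -> bytes c0 a8 0a 0f
    info["ip"] = str(ipaddress.IPv4Address(struct.pack("<I", ip_num)))
    # port 80 (0x0050) is stored byte-swapped as 0x5000 = 20480
    (info["port"],) = struct.unpack(">H", struct.pack("<H", port_num))
    return info


def audit_set_cookie_headers(headers):
    """Return (pool, ip, port, is_rfc1918) for every cookie leaking a back end."""
    findings = []
    for h in headers:
        cookie = h.split(";", 1)[0]
        if "=" not in cookie:
            continue
        name, value = (s.strip() for s in cookie.split("=", 1))
        info = decode_bigip_cookie(name, value)
        if info and info["ip"] is not None:
            private = ipaddress.IPv4Address(info["ip"]).is_private
            findings.append((info["pool"], info["ip"], info["port"], private))
    return findings


# Constructed Set-Cookie values: a plaintext cookie like the one in the post,
# an opaque one as produced after enabling encryption on the HTTP profile,
# and an unrelated application cookie that must be ignored.
SAMPLE_HEADERS = [
    "BIGipServerWpWeb-http=252356800.20480.0000; path=/",
    "BIGipServerWpWeb-http=!hB3xkvA2qOPAQUE+ciphertext==; path=/; HttpOnly",
    "JSESSIONID=ABC123; path=/",
]
```

Running `audit_set_cookie_headers` against the Set-Cookie values your virtual server returns before and after the profile change should turn a finding of `('WpWeb-http', '192.168.10.15', 80, True)` into an empty list; the pool name after the `BIGipServer` prefix is still visible in the cookie name even once the value is encrypted.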
- siru_129409
Nimbostratus
Yes, it's working... :) Thanks for your support.