F5 BIG-IP Cookie Information Disclosure Vulnerability
I ran into an issue, it says "F5 BIG-IP Cookie Information Disclosure Vulnerability". I tried out both solutions as follows, the problem still didn't get resolved. Did I do something wrong? Is there someone able to help me on this? Thank you. (My f5 version is 9.44)
-
Configuring cookie encryption by using the BIG-IP Configuration utility a..Log in to the Configuration utility. b.Click Local Traffic. c.Click Profiles. d.From the Services drop-down menu, select HTTP. e.Click Create. f.Enter a name for the HTTP profile. g.In the Encrypt Cookies box, enter one or more cookie names. h.In the Cookie Encryption Passphrase box, enter a passphrase for the cookie. i.To confirm the passphrase for the cookie, in the Confirm Cookie Encryption Passphrase box, re-type the passphrase. j.Click Update. k.Associate the HTTP profile with the virtual server.
-
HTTP::cookie encrypt / decrypt I added a new iRule as following. 01 when CLIENT_ACCEPTED {