Vulnerabilities on Configuration utility login page.

Question

Hi everyone&nbsp;
I've perform pen-testing and found vulnerabilities on Configuration utility login page like this.&nbsp;
1.) Detect that F5 BIG-IP web management interface is running on this port. (Not sure if it's due to header F5-Login-Page: true, or not.)&nbsp;
2.) HTTP packet inspection. It's show HTTP protocol version used, whether HTTP Keep-Alive and HTTP pipelining are enabled from Configuration utility login page.&nbsp;
Can we mitigate these two issue?&nbsp;
ps. about (1) I think it's due to header F5-Login-Page but didn't know how to remove this header.&nbsp;
about (2) Not sure how to fix this. Might have to perform packet filter IP on httpd services.&nbsp;
thank you&nbsp;

john_huttley_23 · Answer

What version?&nbsp;
-- John&nbsp;

Forum Discussion

Vulnerabilities on Configuration utility login page.

1 Reply

Recent Discussions

F5Access | MacOS Sonoma

Active- Active HA setup

syslog server connection

Cannot see floating MAC address outside of ESXi

Rewrite uri translation not working

Related Content

BIG-IP Configuration utility vulnerability CVE-2023-38138

BIG-IP Configuration utility unauthenticated remote code execution vulnerability CVE-2023-46747

Solution for delayed BIG-IP page load of the Configuration utility

Reviewing vulnerability scanner results for an Access Policy Manager (APM) protected Virtual Server

Python script to test if a F5 BIG-IP is vulnerable to cve-2023-46747