Learn F5 Technologies, Get Answers & Share Community Solutions Join DevCentral

Filter by:
  • Solution
  • Technology
Answers

ASM information leakage category attack type

Hi there,

Can anyone please explain why the following attached HTTP-request traffic categorized as "information Leakage" in ASM traffic log? Thanks Image Text

0
Rate this Question

Answers to this Question

placeholder+image
USER ACCEPTED ANSWER & F5 ACCEPTED ANSWER

Based on your screenshot my wildest guess would be that your persistence cookie isn't encrypted and has the default name. (and that it is leaking the internal ip address and server port)

I can tell your internal server listens on port 443 and it's ip address end's with .152

The ASM could see this as information leaking.

Cheers,

Kees

1
Comments on this Answer
Comment made 2 months ago by Sai 53

HI Kees, Thanks for for the info. i would like to know how did you calculate those un-encrypted persistence cookie to digit .152? yes you are right the ip ends with 152.

Sai

0
Comment made 2 months ago by Kees van den Bos | kees4IP 564

Hi,

There is a website that does it for me ;-) http://www.techietek.com/big-ip-f5-online-cookie-decoder/

Cheers,

Kees

1
placeholder+image
USER ACCEPTED ANSWER & F5 ACCEPTED ANSWER

Sai,

If you enable cookie encryption on the cookie persistence profile, does this mitigate the information leaking?

Cheers,

Kees

0