Learn F5 Technologies, Get Answers & Share Community Solutions Join DevCentral

Filter by:
  • Solution
  • Technology
Answers

Vulnerability - F5 BIG-IP COOKIE REMOTE INFORMATION DISCLOSURE

One of my client did a Penetration testing on their web application which is load balanced by the F5 LTM, the penetration tester found the following vulnerability on the F5

Can any one help me how can i remove this vulnerability. My F5 version is 11.5.1

Vulnerability Name

F5 BIG-IP COOKIE REMOTE INFORMATION DISCLOSURE

Descripiton

The remote load balancer suffers from an information disclosure vulnerability. The remote host appears to be an F5 BIG-IP load balancer. The load balancer encodes the IP address of the actual web server that it is acting on behalf of within a cookie. Additionally, information after 'BIGipServer' is configured by the user and may be the logical name of the device. These values may disclose sensitive information, such as internal IP addresses and names.

Request Detail

Cookie : BIGipServerWpWeb-http=25615316712.29780.0000 IP : 192.168.X.10
Port : 80 Cookie : BIGipServerWpWeb-http=2600235796.20480.0000 IP
192.168.X.15 Port : 80

Any help will be highly appreciated...

0
Rate this Question

Answers to this Question

placeholder+image
USER ACCEPTED ANSWER & F5 ACCEPTED ANSWER

F5 LTM are sending session cookies in clear ( default behaviour )

modify the http profile for Virtual Server that use cookie persistence and use the encrypt cookie option

Ref: sol14784: Configuring BIG-IP cookie encryption (10.x - 11.x)

2
placeholder+image
USER ACCEPTED ANSWER & F5 ACCEPTED ANSWER

Yes its Working...:) thanks for your support..

0