ASM information leakage category attack type

Question

Hi there,&nbsp;
Can anyone please explain why the following attached HTTP-request traffic categorized as "information Leakage" in ASM traffic log? Thanks 
&nbsp;

keesvandenbos · Answer

Based on your screenshot my wildest guess would be that your persistence cookie isn't encrypted and has the default name. (and that it is leaking the internal ip address and server port)&nbsp;
I can tell your internal server listens on port 443 and it's ip address end's with .152&nbsp;
The ASM could see this as information leaking.&nbsp;
Cheers,&nbsp;
Kees&nbsp;

keesvandenbos · Answer

Sai,&nbsp;
If you enable cookie encryption on the cookie persistence profile, does this mitigate the information leaking?&nbsp;
Cheers,&nbsp;
Kees&nbsp;

Forum Discussion

ASM information leakage category attack type

2 Replies

Recent Discussions

SMS server with BIGIP

F5 terminal - help to run commands - disk space full

Can iRule be used to perform exception of IPI category based on Geolocation

[ASM] - what is "Browser Challange file" ?

LDAPS and renegotiation

Related Content

Traffic Intelligence in AFM through Categories

API Security Strategy - Discover and map APIs, block unwanted connection and prevent data leakage

Data Leakage Protection

External Monitor Information and Templates

Implementing SSL Orchestrator - Decryption Bypass by Category