phpinfo Information Disclosure Vulnerability

Question

During a PCI scan test the report has phpinfo Information Disclosure Vulnerability. This was reported on the Public IP of F5's Virtual server.&nbsp;
Can anyone suggest me how to get rid of this vulnerability? Currently the device is running with 11.6 Hotfix5.&nbsp;
Thank you in advance.&nbsp;

petewhite · Answer

If it is on the public IP (presumably the self-IP) then you need to set your self-IP Port Lockdown to None so that externals can't get access to the management GUI. &nbsp;

koenning_107182 · Answer

Generally this means the code on the pool member side contains a php_info() function call somewhere. If your security scanner exposed this vulnerability, it should also report the URL path returning the output of php_info(). If that URL path (better terminology is URI) is not essential to your application, then you can simply block it with an iRule returning an empty response.&nbsp;when HTTP_REQUEST {
  if { [HTTP::uri] starts_with "/your/unique/uri/which/is/vulnerable" } {
     HTTP::respond 200 content ""
 }
}Let me know if that helps&nbsp;Christian&nbsp;

pramod_gopala_1 · Answer

Thanks Chris..
I have done the changes as you mentioned to the URI's with php_info(). On our new compliance test this weekend it will be get tested, will share you the result.

Again Thanks a lot!!

Pramod

Forum Discussion

phpinfo Information Disclosure Vulnerability

3 Replies

Recent Discussions

import live updates from version x to version y

Tenant image upgrade

iRule editor partition button does not work

F5Access | MacOS Sonoma

Overwriting or adding LTM SSL Traffic cert and key using iControlREST

Related Content

F5 BIG-IP Cookie Remote Information Disclosure (20089)

CVE Vulnerability Information

F5 Releases Out of Band Disclosure in Conjunction With Rapid7

OWASP Automated Threats - OAT-014 Vulnerability Scanning

Reviewing vulnerability scanner results for an Access Policy Manager (APM) protected Virtual Server