|
|
|
|
|
|
|
| |
F5 BIG-IP Cookie Information Disclosure |
|
| This script is Copyright (C) 2005-2010 Shavlik Technologies, LLC |
|
|
| Family | Web Servers |
| Nessus Plugin ID | 20089 (bigip_cookie.nasl) |
| Bugtraq ID |
|
| CVE ID |
|
|
| Description: |
Synopsis :
The remote load balancer suffers from an information disclosure
vulnerability.
Description :
The remote host appears to be a F5 BigIP load balancer which encodes
within a cookie the IP address of the actual web server it is acting
on behalf of. Additionally, information after 'BIGipServer' is
configured by the user and may be the logical name of the device.
These values may disclose sensitive information, such as internal IP
addresses and names.
Solution :
Contact the vendor for a fix.
Risk factor :
Medium / CVSS Base Score : 5.0
(CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N)
|
|
|
|
|
|
