Description

The web application uses an F5 BIG-IP load balancer. It sets a cookie that may include sensitive information about backend servers. An unauthenticated attacker may decode the cookie and get this information

Remediation

Consult Web references for more information about the possible improvements

References

K6917: Overview of BIG-IP persistence cookie encoding

K14784: Configuring cookie encryption within the HTTP profile

K23254150: Configuring cookie encryption for BIG-IP persistence cookies from the cookie persistence profile

Related Vulnerabilities

Super Refer A Friend Information Disclosure (1.0)

Ruby Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2020-10933)

Python Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2011-1015)

Typo3 Install Tool publicly accessible

Drupal 7 arbitrary PHP code execution and information disclosure

Severity

Low

Classification

CWE-200 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N

Tags

Information Disclosure