Description

The web application uses an F5 BIG-IP load balancer. It sets a cookie that may include sensitive information about backend servers. An unauthenticated attacker may decode the cookie and get this information

Remediation

Consult Web references for more information about the possible improvements

References

K6917: Overview of BIG-IP persistence cookie encoding

K14784: Configuring cookie encryption within the HTTP profile

K23254150: Configuring cookie encryption for BIG-IP persistence cookies from the cookie persistence profile

Related Vulnerabilities

PostgreSQL Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2017-15099)

WordPress Plugin Caldera Forms-More Than Contact Forms Information Disclosure (1.3.5.2)

Error messages

[Possible] Internal Path Disclosure (*nix)

WordPress Plugin SS Downloads Cross-Site Request Forgery and Information Disclosure Vulnerabilities (1.4.3)

Severity

Low

Classification

CWE-200 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N

Tags

Information Disclosure