Description

The web application uses an F5 BIG-IP load balancer. It sets a cookie that may include sensitive information about backend servers. An unauthenticated attacker may decode the cookie and get this information

Remediation

Consult Web references for more information about the possible improvements

References

K6917: Overview of BIG-IP persistence cookie encoding

K14784: Configuring cookie encryption within the HTTP profile

K23254150: Configuring cookie encryption for BIG-IP persistence cookies from the cookie persistence profile

Related Vulnerabilities

WordPress Plugin Total Upkeep-WordPress Backup plus Restore & Migrate by BoldGrid Information Disclosure (1.14.9)

Java Management Extensions (JMX/RMI) service detected

WordPress Plugin iThemes Security (formerly Better WP Security) Multiple Vulnerabilities (3.6.3)

WordPress Plugin W3 Total Cache Multiple Vulnerabilities (0.9.4.1)

WordPress Plugin Customize WordPress Emails and Alerts-Better Notifications for WP Information Disclosure (1.8.6)

Severity

Low

Classification

CWE-200 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N