F5 BIG-IP Cookie Remote Information Disclosure

This script is Copyright (C) 2005-2013 Shavlik Technologies, LLC


Synopsis :

The remote load balancer suffers from an information disclosure
vulnerability.

Description :

The remote host appears to be an F5 BIG-IP load balancer. The load
balancer encodes the IP address of the actual web server that it is
acting on behalf of within a cookie. Additionally, information after
'BIGipServer' is configured by the user and may be the logical name of
the device. These values may disclose sensitive information, such as
internal IP addresses and names.

See also :

http://www.nessus.org/u?18dc4740

Solution :

Contact the vendor for a fix.

Risk factor :

Medium / CVSS Base Score : 5.0
(CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N)

Family: Web Servers

Nessus Plugin ID: 20089 (bigip_cookie.nasl)

Bugtraq ID:

CVE ID: