This script is Copyright (C) 2017 Tenable Network Security, Inc.
A web client installed on the remote Windows host is affected
by a session ID disclosure vulnerability.
The version of the BIG-IP Edge Client installed on the remote Windows
host is in the range 7071.x through 7132.x. It is, therefore, affected
by a flaw in the BIG-IP Edge Client that exposes the current session
ID as part of the request URI when sending Keep-Alive requests over
an SSL channel. As a result, the session ID can be exposed to
man-in-the-middle (MITM) SSL-terminating proxies, which record the
complete URI in their logs.
See also :
Solution :
Upgrade your BIG-IP device to 13.0.0 and ensure that all clients
reinstall their Edge clients from the upgraded device.
Risk factor :
Medium / CVSS Base Score : 4.3
CVSS Temporal Score : 3.2
Public Exploit Available : false
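
The description above turns on SSL-terminating proxies writing the full request URI, session ID included, to their logs. The following is an added example (not part of the Nessus plugin or of F5's code) that scans access-log lines for session IDs in the query string, redacts them, and lists the clients whose sessions should be invalidated. The parameter names and the log format are assumptions, and the sample lines are constructed.

```python
import re
from urllib.parse import urlsplit, parse_qsl, urlencode, urlunsplit

# ASSUMPTION: the advisory does not name the URI field that carries the
# session ID, so these query-parameter names are hypothetical placeholders.
SESSION_PARAMS = {"sess", "sid", "session"}

# Constructed sample lines in an assumed, simplified proxy log format:
# timestamp client-ip method full-URI status
SAMPLE_LOG = """\
2017-05-02T10:00:01Z 10.0.0.15 GET https://vpn.example.test/keepalive?sess=3f9a1c7e5b2d4a60 200
2017-05-02T10:00:02Z 10.0.0.22 GET https://www.example.test/index.html?lang=en 200
2017-05-02T10:00:31Z 10.0.0.15 GET https://vpn.example.test/keepalive?sess=3f9a1c7e5b2d4a60&seq=2 200
"""

URI_RE = re.compile(r"https?://\S+")

def redact_uri(uri):
    """Return (redacted_uri, leaked_values) for one logged URI."""
    parts = urlsplit(uri)
    leaked, kept = [], []
    for name, value in parse_qsl(parts.query, keep_blank_values=True):
        if name.lower() in SESSION_PARAMS and value:
            leaked.append(value)
            value = "REDACTED"
        kept.append((name, value))
    return urlunsplit(parts._replace(query=urlencode(kept))), leaked

def scrub_log(text):
    """Redact session IDs line by line; map client IP -> distinct leaked IDs."""
    exposed, out = {}, []
    for line in text.splitlines():
        fields = line.split()
        match = URI_RE.search(line)
        if match and len(fields) >= 2:
            clean, leaked = redact_uri(match.group(0))
            if leaked:
                exposed.setdefault(fields[1], set()).update(leaked)
                # Rewrite only lines that actually carried a session ID.
                line = line[:match.start()] + clean + line[match.end():]
        out.append(line)
    return "\n".join(out), exposed

if __name__ == "__main__":
    cleaned, exposed = scrub_log(SAMPLE_LOG)
    print(cleaned)
    for client, ids in exposed.items():
        print(f"{client}: {len(ids)} session ID(s) to invalidate")
```

Redacting the log does not revoke a session that was already recorded; the listed sessions still need to be terminated on the BIG-IP side.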