F5 Networks BIG-IP Edge Client: session ID vulnerability (K06635145)

This script is Copyright (C) 2017 Tenable Network Security, Inc.

Synopsis :

A web client installed on the remote Windows host is affected
by a session ID disclosure vulnerability.

Description :

The version of the BIG-IP Edge Client installed on the remote Windows
host is in the range 7071.x through 7132.x. It is, therefore, affected
by a flaw that exposes the current session ID as part of the request
URI when sending Keep-Alive requests over an SSL channel. This can
expose the session ID through man-in-the-middle (MITM) SSL-terminating
proxies, which log the complete URI.

Solution :

Upgrade your BIG-IP device to 13.0.0 and ensure that all clients
reinstall their Edge clients from the upgraded device.

Risk factor :

Medium / CVSS Base Score : 4.3
CVSS Temporal Score : 3.2
Public Exploit Available : false

Family: Windows

Nessus Plugin ID: 102732
