F5 Networks BIG-IP Edge Client: session ID vulnerability (K06635145)
Medium Nessus Plugin ID 102732
Synopsis
A web client installed on the remote Windows host is affected by a session ID disclosure vulnerability.
Description
The version of the BIG-IP Edge Client installed on the remote Windows host is in the range 7071.x through 7132.x. It is, therefore, affected by a flaw in the BIG-IP Edge Client that exposes the current session ID as part of the request URI when sending Keep-Alive requests over an SSL channel. This exposure can be exploited by man-in-the-middle (MITM) SSL-terminating proxies, which record the complete URI, including the session ID, in their logs.
Solution
Upgrade your BIG-IP device to 13.0.0 and ensure that all clients reinstall their Edge Clients from the upgraded device.