Description

The web application uses an F5 BIG-IP load balancer. It sets a cookie that may include sensitive information about backend servers. An unauthenticated attacker may decode the cookie and get this information

Remediation

Consult Web references for more information about the possible improvements

References

K6917: Overview of BIG-IP persistence cookie encoding

K14784: Configuring cookie encryption within the HTTP profile

K23254150: Configuring cookie encryption for BIG-IP persistence cookies from the cookie persistence profile

Related Vulnerabilities

Possible sensitive directories

WordPress Plugin Child Theme Configurator Arbitrary File Disclosure (1.7.4)

Symfony debug mode enabled

WordPress Plugin Import all XML, CSV & TXT into WordPress Arbitrary File Disclosure (3.7)

Elmah.axd / Errorlog.axd Detected

Severity

Low

Classification

CWE-200 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N

Tags

Information Disclosure