Forum Discussion

kridsana's avatar
Icon for Cirrocumulus rankCirrocumulus
Jan 08, 2019

Vulnerabilities on Configuration utility login page.

Hi everyone


I've perform pen-testing and found vulnerabilities on Configuration utility login page like this.


1.) Detect that F5 BIG-IP web management interface is running on this port. (Not sure if it's due to header F5-Login-Page: true, or not.)


2.) HTTP packet inspection. It's show HTTP protocol version used, whether HTTP Keep-Alive and HTTP pipelining are enabled from Configuration utility login page.


Can we mitigate these two issue?


ps. about (1) I think it's due to header F5-Login-Page but didn't know how to remove this header.


about (2) Not sure how to fix this. Might have to perform packet filter IP on httpd services.


thank you