The reporter found that the F5 BIG-IP cookies potentially reveal the BIG-IP pool name, the backend's IP address and port, and the routed domain.
There is an option in Big-IP to fix this. Just click, apply and you are done.
The issue is not critical, but it was an easy fix. Note: we will apply this to all domains, and no further reports on this for other domains will be accepted, never ever.
The same issue was reported on www.myynti.lahitapiolarahoitus.fi by another reporter. It was fixed for that domain. But when I tested the same issue on lahitapiolarahoitus.fi, it was also causing leakage of information.
I identified the F5 BigIP load balancer and found that it leaks backend information (pool name, backend's IP address and port, routed domain) through cookies inserted by the BigIP system.
SET RHOST lahitapiolarahoitus.fi
[*] Starting request /
[+] F5 BigIP load balancing cookie "BIGipServerltr-prod_pool = 224700608.20480.0000" found
[+] Load balancing pool name "ltr-prod_pool" found
[+] Backend 192.168.100.13:80 found
[*] Auxiliary module execution completed
An attacker can leak back-end information (pool name, backend's IP address and port, routed domain) through cookies inserted by the BigIP system.
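For teams verifying the fix on their own domains, the following added example (not part of the original report or of any F5 tooling) audits Set-Cookie values for BIGipServer cookies that are still in the plain IPv4 encoding and shows what each one discloses. It covers only the `<ip>.<port>.0000` form seen in the report; the function names and the second sample header are constructed for illustration.

```python
import re
import socket
import struct

# Plain (unprotected) IPv4 pool-member encoding: <ip>.<port>.0000
PLAIN_V4 = re.compile(r"^(\d{1,10})\.(\d{1,5})\.0000$")
COOKIE = re.compile(r"(BIGipServer([^=;\s]*))\s*=\s*([^;\s]+)")


def decode_plain_v4(value):
    """Return (ip, port) if value uses the plain IPv4 encoding, else None."""
    m = PLAIN_V4.match(value)
    if not m:
        return None
    ip_int, port_int = int(m.group(1)), int(m.group(2))
    if ip_int > 0xFFFFFFFF or port_int > 0xFFFF:
        return None
    # Both fields are the network-order bytes read as a little-endian integer.
    ip = socket.inet_ntoa(struct.pack("<I", ip_int))
    port = struct.unpack(">H", struct.pack("<H", port_int))[0]
    return ip, port


def audit_set_cookie(headers):
    """Return one finding per BIGipServer* cookie seen in Set-Cookie values."""
    findings = []
    for header in headers:
        for name, pool, value in COOKIE.findall(header):
            backend = decode_plain_v4(value)
            findings.append({
                "cookie": name,
                "pool": pool,                # the cookie name itself carries the pool
                "backend": backend,          # None when not plainly decodable
                "leaks_backend": backend is not None,
            })
    return findings


# Constructed sample headers: the first value is the one shown in the report,
# the second is a made-up opaque value standing in for a protected cookie.
SAMPLE = [
    "BIGipServerltr-prod_pool=224700608.20480.0000; path=/",
    "BIGipServerexample_pool=!Zm9vYmFyYmF6cXV4; path=/; Httponly",
]

if __name__ == "__main__":
    for finding in audit_set_cookie(SAMPLE):
        print(finding)
```

A finding with `leaks_backend` set to true means the response still exposes an internal address and port; the pool name remains visible in the cookie name even when the value is opaque.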