===========================================================================
             AUSCERT External Security Bulletin Redistribution

                               ESB-2019.0585
           BIG-IP APM web pages may be indexed by search engines
                              26 February 2019

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:           F5 BIG-IP products
Publisher:         F5 Networks
Operating System:  Network Appliance
Impact/Access:     Access Confidential Data -- Remote/Unauthenticated
Resolution:        Patch/Upgrade

Original Bulletin:
   https://support.f5.com/csp/article/K88126845

--------------------------BEGIN INCLUDED TEXT--------------------

K88126845: BIG-IP APM web pages may be indexed by search engines

Security Advisory

Original Publication Date: 26 Feb, 2019

Security Advisory Description

This issue occurs when all of the following conditions are met:

  o Users connect to the BIG-IP APM system through the internet.
  o The BIG-IP APM system is reachable by search engines.

Impact

BIG-IP APM web pages may be enumerated and other data may be disclosed.

Symptoms

As a result of this issue, you may encounter the following symptom:

  o Web pages for your BIG-IP APM system are indexed by search engines.

Security Advisory Status

F5 Product Development has assigned ID 449232 to this issue.

F5 has confirmed that this issue exists in the products listed in the
Applies to (see versions) box, located in the upper-right corner of this
article. For information about releases, point releases, or hotfixes that
resolve this issue, refer to the following table.
+------------------+------------------+---------------------------------------+
|Type of fix       |Fixes introduced  |Related articles                       |
|                  |in                |                                       |
+------------------+------------------+---------------------------------------+
|Release           |11.6.0            |K2200: Most recent versions of F5      |
|                  |                  |software                               |
+------------------+------------------+---------------------------------------+
|Point release/    |None              |None                                   |
|hotfix            |                  |                                       |
+------------------+------------------+---------------------------------------+

Security Advisory Recommended Actions

Workaround

  o Updating the robots.txt file
  o Creating an iRule that responds with the Disallow directive

Updating the robots.txt file

To mitigate this issue, you can instruct web crawlers to avoid the BIG-IP
web pages by updating the robots.txt file. In the robots.txt file on the
backend server that is accessed through the virtual server, add the
following lines:

    User-Agent: *
    Disallow: /

Impact of action: Performing the suggested action should not have a
negative impact on your system.

Creating an iRule that responds with the Disallow directive

To work around this issue using an iRule, you can create a rule that
matches requests for the /robots.txt file and responds with the Disallow
directive. To do so, perform the following procedure:

Impact of workaround: Performing the following procedure should not have a
negative impact on your system.

 1. Log in to the BIG-IP APM Configuration utility.
 2. Navigate to Local Traffic > iRules.
 3. Click Create.
 4. In the Name box, enter a name for the iRule.
 5. In the Definition box, enter the following code:

        when HTTP_REQUEST {
            if { [string tolower [HTTP::path]] ends_with "/robots.txt" } {
                HTTP::respond 200 content "User-agent: *\r\nDisallow: /"
            }
        }

 6. Click Finished.
 7. Navigate to Local Traffic > Virtual Servers.
 8. In the Resources column, click Edit for the affected virtual server.
 9. Under iRules, click Manage.
10. In the Available box, click the name of the newly created iRule and
    move it to the Enabled box.
11. Click Finished.

Supplemental Information

  o K51812227: Understanding Security Advisory versioning
  o K41942608: Overview of AskF5 Security Advisory articles
  o K4602: Overview of the F5 security vulnerability response policy
  o K4918: Overview of the F5 critical issue hotfix policy
  o K9502: BIG-IP hotfix and point release matrix
  o K13123: Managing BIG-IP product hotfixes (11.x - 13.x)
  o K167: Downloading software and firmware from F5
  o K9970: Subscribing to email notifications regarding F5 products
  o K9957: Creating a custom RSS feed to view new and updated documents

--------------------------END INCLUDED TEXT--------------------

You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to
auscert@auscert.org.au and we will forward your request to the
appropriate person.

NOTE: Third Party Rights

This security bulletin is provided as a service to AusCERT's members. As
AusCERT did not write the document quoted above, AusCERT has had no
control over its content. The decision to follow or act on information or
advice contained in this security bulletin is the responsibility of each
user or organisation, and should be considered in accordance with your
organisation's site policies and procedures. AusCERT takes no
responsibility for consequences which may arise from following or acting
on information or advice contained in this security bulletin.

NOTE: This is only the original release of the security bulletin. It may
not be updated when updates to the original are made. If downloading at a
later date, it is recommended that the bulletin is retrieved directly from
the author's website to ensure that the information is still current.

Contact information for the authors of the original document is included
in the Security Bulletin above. If you have any questions or need further
information, please contact them directly.

Previous advisories and external security bulletins can be retrieved from:

        https://www.auscert.org.au/bulletins/

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
AusCERT personnel answer during Queensland business hours
which are GMT+10:00 (AEST).
On call after hours for member emergencies only.
===========================================================================
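As an added check that is not part of the F5 advisory or the AusCERT bulletin, the following Python parses a robots.txt body the way a compliant crawler would and confirms that it disallows all crawling, so an operator can verify what the virtual server actually returns after applying either workaround. The sample bodies are constructed, and the function names and the path-match helper (which mirrors the advisory's iRule condition) are this editor's own.

```python
"""Verify that a robots.txt body blocks every crawler from the site root."""

# Constructed sample: the exact body the advisory's iRule responds with.
IRULE_RESPONSE = "User-agent: *\r\nDisallow: /"

# Constructed sample: a robots.txt that still allows indexing of the portal.
PERMISSIVE_RESPONSE = "User-agent: *\r\nDisallow: /private/\r\nAllow: /"


def parse_robots(body: str) -> dict:
    """Return {user_agent_lowercase: [(field, path), ...]} per robots.txt group.

    Consecutive User-agent lines form one group; a User-agent line that
    follows rule lines starts a new group. Comments and blank lines are skipped.
    """
    groups, agents, in_rules = {}, [], False
    for raw in body.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line or ":" not in line:
            continue
        field, value = (part.strip() for part in line.split(":", 1))
        field = field.lower()
        if field == "user-agent":
            if in_rules:                      # rules seen: this is a new group
                agents, in_rules = [], False
            agents.append(value.lower())
            for agent in agents:
                groups.setdefault(agent, [])
        elif field in ("disallow", "allow"):
            in_rules = True
            for agent in agents:
                groups.setdefault(agent, []).append((field, value))
    return groups


def blocks_all_crawlers(body: str) -> bool:
    """True when the wildcard group disallows '/' and does not re-allow it."""
    rules = parse_robots(body).get("*", [])
    return ("disallow", "/") in rules and ("allow", "/") not in rules


def irule_would_answer(path: str) -> bool:
    """Mirror the advisory's iRule test: lowercased path ends with /robots.txt."""
    return path.lower().endswith("/robots.txt")


if __name__ == "__main__":
    for name, body in (("iRule", IRULE_RESPONSE), ("permissive", PERMISSIVE_RESPONSE)):
        print(f"{name}: blocks all crawlers = {blocks_all_crawlers(body)}")
```

A robots.txt directive only asks compliant crawlers not to index the portal and is not an access control, so the fix release listed in the advisory's table remains the actual remediation.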