Forum Discussion

Cirrus

Sep 13, 2019

Can the F5 Mitigate the HTTP/2 vulnerabilities?

Hi,

We are considering implementing HTTP/2 in our environment at the moment. In August a number of DoS vulnerabilities were identified in HTTP/2. If we make the change for HTTP/2 on the F5, does the F5 do anything to mitigate the risk?

https://nakedsecurity.sophos.com/2019/08/19/netflix-finds-multiple-http2-dos-flaws/

Are there ASM signatures that protect against these issues? If so, what about protection on APM if we add HTTP/2 there?

Any information would be appreciated.

No RepliesBe the first to reply

DevCentral Quicklinks

* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com

Discover DevCentral Connects

* Podcasts
* Social Channels
* Video Streaming

GitHub Awesome-F5

Forum Discussion

Can the F5 Mitigate the HTTP/2 vulnerabilities?

F5 Academy at AppWorld 2026

Aswin MK - November 2025 Featured Member

Introducing the F5 AI Assistant for BIG-IP

Recent Discussions

Terraform AS3 code for GTM Only.

BIG-IP device fails to install node-inspector

WAF Block Request

AST Configuration Assistance

F5 HA deployment in Azure using Azure Load Balancer

Related Content

Mitigating Log4j Vulnerability using F5 BIG-IP

The State Of HTTP/2 With F5 LTM

Mitigating recent HTTP/2 DoS vulnerabilities with BIG-IP

Mitigating Apache Camel Vulnerability CVE-2025–27636 with F5 Products

Traffic Management User Interface Vulnerability: The Fix and Temporary Mitigation Options

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS