Forum Discussion

kgaigl's avatar
kgaigl
Icon for Cirrocumulus rankCirrocumulus
Jul 22, 2021

CVE-2013-3587 in Version 14.1.

Hello,

 

A Security Audit asked for CVE-2013-3587.

 

I came over this Info:

https://support.f5.com/csp/article/K14634 but this is until Version 13, we're running Version 14.1

 

Does anyone know, how to mitigate this?

 

Or does anyone know, how to handle http compression? There are some (for me) confusing docs on F5

  • does the security audit really show this is possible or just a vague suggestion? this is something from 2013 and i don't really see much attention for it since.

     

    some suggestions can be found here.

     

    https://www.akamai.com/uk/en/resources/breach-attack.jsp

     

    as the F5 article also mentions this isn't that should be solved on another level, so first have a look at your application / web server.

     

    in the end you can apply the same irule on 14.1 i believe, but as mentioned it might cause issues with the site.