CVE-2013-3587 in Version 14.1.

Question

Hello,&nbsp;A Security Audit asked for CVE-2013-3587.&nbsp;I came over this Info:https://support.f5.com/csp/article/K14634 but this is until Version 13, we're running Version 14.1&nbsp;Does anyone know, how to mitigate this?&nbsp;Or does anyone know, how to handle http compression? There are some (for me) confusing docs on F5

boneyard · Answer

does the security audit really show this is possible or just a vague suggestion? this is something from 2013 and i don't really see much attention for it since.

some suggestions can be found here.

https://www.akamai.com/uk/en/resources/breach-attack.jsp

as the F5 article also mentions this isn't that should be solved on another level, so first have a look at your application / web server.

in the end you can apply the same irule on 14.1 i believe, but as mentioned it might cause issues with the site.

Forum Discussion

CVE-2013-3587 in Version 14.1.

Recent Discussions

301 redirect and waf policy log problem

Big-IP VE edition for MacBook M4 Chip

ASD

Background Tasks

APM with EntraID as idP / request signed

Related Content

Most up to date Cipher Suite for version 14.1.x to increase BitSight findings?

Big IP version 12 API

BIGdiff Version 2

F5OS Tenants TMOS version upgrade

How to change TLS version 1.0 settings to version 1.2 or 1.3 in F5 DDoS product

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS