Forum Discussion

Nimbostratus

Apr 09, 2014

Is my F5 4200 LTM vulnerable to the http://heartbleed.com exploit?

Get the latest updates on how F5 mitigates Heartbleed Does F5 use any of the vulnerable versions of openSSL? Status of different versions: OpenSSL 1.0.1 through 1.0.1f (inclusive) are v...

application delivery

LTM

security

Cory_50405
Apr 09, 2014
F5's official response is here:

http://support.f5.com/kb/en-us/solutions/public/15000/100/sol15159.html

Mahmoud_Eldeeb_

Cirrostratus

Apr 13, 2014

Virtual servers using an SSL profile configured with the default Native SSL ciphers are not vulnerable. Only virtual servers using an SSL profile configured to use ciphers from the COMPAT SSL stack are vulnerable in BIG-IP 11.5.0 and 11.5.1. In addition, virtual servers that do not use SSL profiles and pass SSL traffic to the back-end web servers will not protect the back-end resource servers.

Recent Discussions

Under Attack? F5 Will Help You.
Contacting F5 Support?

DevCentral Quicklinks

* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com

Discover DevCentral Connects

* Podcasts
* Social Channels
* Video Streaming

Forum Discussion

Is my F5 4200 LTM vulnerable to the http://heartbleed.com exploit?

Recent Discussions

DNS HM Probe issue

dynamic signature detection

F5 looses the token for the first call

ports are showing open on online scanning tool

self-directed requests fail because of no certificate

Related Content

What is Web Cache Exploitation?

Top exploited vulnerabilities of 2022 and more - This Week in Security - Dec 26th to Dec 30th

CrowdStrike Struck, PHP CVEs, Race to Exploitation Mountain and KEVs

CVE-2021-26855 (SSRF) HAFNIUM APT Group Exploiting Microsoft Exchange Vulnerabilities

Chrome zero-day fix MS Copilot Log4Shel still being exploited

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS