Forum Discussion
AltostratusQuestion about Vulnerability on BIG IP System CVE-2014-0224
Hi Community,
Vulnerabilty: CVE-2014-0224
The question is: If i have BIG IP System that runs 11.2.1 Version with the LTM and ASM module currently active,
Is my BIG IP System affected by this Vulnerability? Because the version 11.2.1 isn't listed in the "versions known to be vulnerable"
Current OpenSSL Version: 0.9.8u (command openssl version on CLI) http://support.f5.com/kb/en-us/solutions/public/15000/300/sol15325.html
What is the possible way to fix this Vulnerabilty?
Thanks in advance,
M.
4 Replies
Sven_Leupold_85Cirrus
The solution http://support.f5.com/kb/en-us/solutions/public/15000/300/sol15325.html says:
a) 11.0.0 - 11.4.1
b) 10.0.0 - 10.2.4
are not affected. So with 11.2.1 you are in range a), right? Check if you are really using openssl (COMPAT ciphers ) in your SSL profiles. If not, only the management traffic and the monitors are under concern.
MDPF5_152674But a) range and b) range are listed on : Versions known to be not vulnerable- Sven_Leupold_85You're right! In that case I would say that you are not affected at all. Your's is in "Versions known to be not vulnerable" range (a).
- MDPF5_152674Ok, but i think that my OpenSSL version 0.9.8u is vulnerable (that it's what the documentation says) So, is a documentation error? Or is my fault? Thank You
