Forum Discussion

Cirrus

Jun 05, 2014

SSL/TLS MITM vulnerability (CVE-2014-0224)

Hi folks Did someone get already an official statement from F5 Networks about the latest vulnerability disclosed today? (not heartbleed!) http://www.openssl.org/news/secadv_20140605.txt ...

application delivery

ASM Advanced WAF

BIG-IP Access Policy Manager (APM)

Cirrus

Jun 05, 2014

This answers some questions: http://support.f5.com/kb/en-us/solutions/public/13000/100/sol13163.html

TMM is not using openssl for SSL enabled virtual servers except you configure COMPAT ciphers on 11.5.x. The risk on the management traffic (configuration/iControl/big3d) is low as long as your management segment is separated.

But, still, F5 should provide an official statement that their SSL implementation is not affected.

Sven_Leupold_85

Cirrus

Jun 06, 2014

Hello Team, Good Morning. Regarding OpenSSL vulnerability - CVE-2014-0224, F5 Product Development has now assigned ID 465799 (BIG-IP) to this vulnerability. To read more about this vulnerability for versions know to be vulnerable and not vulnerable, please see SOL15325 via the link below. We received a case closed message from F5 pointing to SOL15325: OpenSSL vulnerability - CVE-2014-0224 https://support.f5.com/kb/en-us/solutions/public/15000/300/sol15325.html

Help guide the future of your DevCentral Community!

What tools do you use to collaborate? (1min - anonymous)