Forum Discussion
NimbostratusVulnerabilities
Hi,
(1)Untrusted TLS/SSL server X.509 certificate
(2)TLS/SSL Server is enabling the BEAST attack
(3)Apache HTTPD: ETag Inode Information Leakage (CVE-2003-1418)
(4)TLS/SSL Birthday attacks on 64-bit block ciphers (SWEET32)
How can I fix? BIGIP-12.1.0.1.0.1447-HF1 Thanks
Samir_Jha_52506Noctilucent
Yes, you can fix it. Find the below solution. Hope it will help you!!
(1)Untrusted TLS/SSL server X.509 certificate
--> Tag Correct certificate to Profile. Attach SAN certificate, if you have multiple FQDN.
(2)TLS/SSL Server is enabling the BEAST attack
--> Upgrade device to 12.1.3 or Versions known to be not vulnerable. Link
(4)TLS/SSL Birthday attacks on 64-bit block ciphers (SWEET32)
--> Modify the cipher as per requiremnt. Link
(3)Apache HTTPD: ETag Inode Information Leakage (CVE-2003-1418)
--> Some tool detect as Vulnerabilities but its not but correct as per requirement. Find the steps below
1. Log in to tmsh by typing the following command: tmsh 2. To specify the format to be used for the Etag header, type the following command: modify /sys httpd include ""FileETag MTime Size"" 3. Save the configuration change by typing the following command: save /sys config 4. To restart the httpd service, type the following command: restart /sys service httpd"Thanks
- Ismail_319212
How can i configure this command on Gui , please advice me
modify /sys httpd include ""FileETag MTime Size""
- Samir_Jha_52506
Not seen options in GUI. Yu can apply via cli only.
- Ismail_319212
Hi ,
our F5 got error while login gui console ,Please advice me