Forum Discussion

Ismail_319212

Nimbostratus

May 09, 2018

Vulnerabilities

Hi, (1)Untrusted TLS/SSL server X.509 certificate (2)TLS/SSL Server is enabling the BEAST attack (3)Apache HTTPD: ETag Inode Information Leakage (CVE-2003-1418) (4)TLS/SSL Birthda...

Noctilucent

May 09, 2018

Yes, you can fix it. Find the below solution. Hope it will help you!!

(1)Untrusted TLS/SSL server X.509 certificate

--> Tag Correct certificate to Profile. Attach SAN certificate, if you have multiple FQDN.

(2)TLS/SSL Server is enabling the BEAST attack

--> Upgrade device to 12.1.3 or Versions known to be not vulnerable. Link

(4)TLS/SSL Birthday attacks on 64-bit block ciphers (SWEET32)

--> Modify the cipher as per requiremnt. Link

(3)Apache HTTPD: ETag Inode Information Leakage (CVE-2003-1418)

--> Some tool detect as Vulnerabilities but its not but correct as per requirement. Find the steps below

     1. Log in to tmsh by typing the following command:
       tmsh
       2. To specify the format to be used for the Etag header, type the following command:
        modify /sys httpd include ""FileETag MTime Size""
        3.  Save the configuration change by typing the following command:
           save /sys config
       4.   To restart the httpd service, type the following command:
         restart /sys service httpd"

Thanks

Ismail_319212
Nimbostratus
Jul 13, 2018
How can i configure this command on Gui , please advice me

modify /sys httpd include ""FileETag MTime Size""
Samir_Jha_52506
Noctilucent
Jul 13, 2018
Not seen options in GUI. Yu can apply via cli only.
Ismail_319212
Nimbostratus
Jul 17, 2018
Hi ,

our F5 got error while login gui console ,Please advice me
Samir_Jha_52506
Noctilucent
Jul 20, 2018
You will see above page during config changes, network slowness, httpd service restart, etc. See the tmm, ltm log for more information.