For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

Ismail_319212's avatar
Ismail_319212
Icon for Nimbostratus rankNimbostratus
May 09, 2018

Vulnerabilities

Hi,   (1)Untrusted TLS/SSL server X.509 certificate   (2)TLS/SSL Server is enabling the BEAST attack   (3)Apache HTTPD: ETag Inode Information Leakage (CVE-2003-1418)   (4)TLS/SSL Birthda...
BIG-IP
devops
LTM
security
Samir_Jha_52506's avatar
Samir_Jha_52506
Icon for Noctilucent rankNoctilucent
May 09, 2018

Yes, you can fix it. Find the below solution. Hope it will help you!!

(1)Untrusted TLS/SSL server X.509 certificate

--> Tag Correct certificate to Profile. Attach SAN certificate, if you have multiple FQDN.

(2)TLS/SSL Server is enabling the BEAST attack

--> Upgrade device to 12.1.3 or Versions known to be not vulnerable. Link

(4)TLS/SSL Birthday attacks on 64-bit block ciphers (SWEET32)

--> Modify the cipher as per requiremnt. Link

(3)Apache HTTPD: ETag Inode Information Leakage (CVE-2003-1418)

--> Some tool detect as Vulnerabilities but its not but correct as per requirement. Find the steps below

     1. Log in to tmsh by typing the following command:
       tmsh
       2. To specify the format to be used for the Etag header, type the following command:
        modify /sys httpd include ""FileETag MTime Size""
        3.  Save the configuration change by typing the following command:
           save /sys config
       4.   To restart the httpd service, type the following command:
         restart /sys service httpd"

Thanks

Samir_Jha_52506's avatar
Samir_Jha_52506
Icon for Noctilucent rankNoctilucent
Jul 13, 2018

Not seen options in GUI. Yu can apply via cli only.