For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

RAQS's avatar
RAQS
Icon for Cirrus rankCirrus
Dec 12, 2021

Vulnerability | https://support.f5.com/csp/article/K19026212

Hi All,   hope you all are doing great.   Regarding recent vulnerability (K19026212), it seems F5 module’s are not vulnerable to it but in a way to protect to Backend server we can apply sugg...
application delivery
LTM
Josiah's avatar
Josiah
Icon for Employee rankEmployee
Dec 13, 2021

For any security related issue, you should really open a support case and receive official advice from the security team. I post here with an F5 badge, but I am not a member of the SRT team and this should not be considered an official F5 security response.

 

1) only in front of APACE is fine

2) nothing is life is free, especially security! it takes time and CPU to execute irules and memory to store variables. the amount is likely trivial for most people, but what is trivial or not will differ depending on your needs

3) it scans the contents of the HTTP request for known attack signature patterns and drops the request if a match is found