cancel
Showing results for 
Search instead for 
Did you mean: 

CVE-2013-3587 in Version 14.1.

kgaigl
Cirrostratus
Cirrostratus

Hello,

 

A Security Audit asked for CVE-2013-3587.

 

I came over this Info:

https://support.f5.com/csp/article/K14634 but this is until Version 13, we're running Version 14.1

 

Does anyone know, how to mitigate this?

 

Or does anyone know, how to handle http compression? There are some (for me) confusing docs on F5

1 REPLY 1

boneyard
MVP
MVP

does the security audit really show this is possible or just a vague suggestion? this is something from 2013 and i don't really see much attention for it since.

 

some suggestions can be found here.

 

https://www.akamai.com/uk/en/resources/breach-attack.jsp

 

as the F5 article also mentions this isn't that should be solved on another level, so first have a look at your application / web server.

 

in the end you can apply the same irule on 14.1 i believe, but as mentioned it might cause issues with the site.