F5 AppWorld 2024 session proposal deadline extended to Friday, December 8th!
A Security Audit asked for CVE-2013-3587.
I came over this Info:
https://support.f5.com/csp/article/K14634 but this is until Version 13, we're running Version 14.1
Does anyone know, how to mitigate this?
Or does anyone know, how to handle http compression? There are some (for me) confusing docs on F5
does the security audit really show this is possible or just a vague suggestion? this is something from 2013 and i don't really see much attention for it since.
some suggestions can be found here.
as the F5 article also mentions this isn't that should be solved on another level, so first have a look at your application / web server.
in the end you can apply the same irule on 14.1 i believe, but as mentioned it might cause issues with the site.
or learn more...