SSL Certificate - Signature Verification Failed Vulnerability
Hi,
I have the following vulnerability on the scan. Does anybody know how to fix this?
F5 ASM version 11.4
SSL Certificate - Signature Verification Failed Vulnerability
CVSS Temporal: 6.9
TCP/443

An SSL Certificate associates an entity (person, organization, host, etc.) with a Public Key. In an SSL connection, the client authenticates the remote server using the server's Certificate and extracts the Public Key in the Certificate to establish the secure connection. The authentication is done by verifying that the public key in the certificate is signed by a trusted third-party Certificate Authority. If a client is unable to verify the certificate, it can abort communication or prompt the user to continue the communication without authentication.

Compliance Status: Fail

Impact: By exploiting this vulnerability, man-in-the-middle attacks in tandem with DNS cache poisoning can occur.

Exception: If the server communicates only with a restricted set of clients who have the server certificate or the trusted CA certificate, then the server or CA certificate may not be available publicly, and the scan will be unable to verify the signature.

Category: General remote services
Port: 443
CVSS Base Score: 9
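The check behind this finding, and the "Exception" case in the report, can be reproduced offline with the openssl command line. This is an added example, not part of the original post or the scanner's output; the CA name, the host name `vip.example.test` and all certificates are constructed for the demonstration.

```shell
#!/bin/sh
# Constructed test PKI (all names hypothetical): a private CA, a server
# certificate signed by it, and a self-signed server certificate.
make_certs() {
    dir=$1
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
        -subj "/CN=Constructed Private CA" \
        -keyout "$dir/ca.key" -out "$dir/ca.pem" 2>/dev/null
    openssl req -newkey rsa:2048 -nodes -subj "/CN=vip.example.test" \
        -keyout "$dir/leaf.key" -out "$dir/leaf.csr" 2>/dev/null
    openssl x509 -req -in "$dir/leaf.csr" -days 1 \
        -CA "$dir/ca.pem" -CAkey "$dir/ca.key" -CAcreateserial \
        -out "$dir/leaf.pem" 2>/dev/null
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
        -subj "/CN=vip.example.test" \
        -keyout "$dir/self.key" -out "$dir/self.pem" 2>/dev/null
}

# True only when the certificate's signature chains to a trusted CA.
# $1 = certificate, $2 = optional CA file to trust; without it only the
# system trust store is consulted (a scanner that was not given the CA).
chain_verifies() {
    if [ -n "${2:-}" ]; then
        openssl verify -CAfile "$2" "$1" 2>&1 | grep -q ': OK$'
    else
        openssl verify "$1" 2>&1 | grep -q ': OK$'
    fi
}

report() {
    if chain_verifies "$@"; then echo "verified"
    else echo "signature verification failed"; fi
}

work=$(mktemp -d)
make_certs "$work"
echo "private-CA cert, CA supplied:     $(report "$work/leaf.pem" "$work/ca.pem")"
echo "private-CA cert, CA not supplied: $(report "$work/leaf.pem")"
echo "self-signed cert:                 $(report "$work/self.pem")"
rm -rf "$work"
```

Against a live listener, `openssl s_client -connect <host>:443` prints a `Verify return code` line that reflects the same chain check for the certificate the virtual server actually presents.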