vulnerability
12 Topics

iRule to mitigate TLS/SSL FREAK?
In before the crowd: please respond if you have an iRule to mitigate the FREAK attack on TLS/SSL via RSA-EXPORT (CVE-2015-0204 on OpenSSL; see also https://www.smacktls.com/freak and http://blog.cryptographyengineering.com/2015/03/attack-of-week-freak-or-factoring-nsa.html ). Also, any word on whether the admin web server in TMOS is affected?

Vulnerability scanner scan of virtual server found UDP 161, but there is no VIP UDP port 161?
Hi. As per the title, I used a vulnerability scanner to scan a virtual server IP to find any open ports (I have VIP ports 443, 22 and 80). The result is that the scanner found UDP port 161 open, but there is no VIP with UDP port 161 in the configuration. Why is UDP port 161 found? Is it by default that every virtual server opens/receives UDP port 161 too? Thank you.

LTM :: SMTPS Command Injection
It seems the SMTPS profile on the LTM allows command injection. It is detected as:

SMTP Service STARTTLS Plaintext Command Injection (52611) :: The remote SMTP service contains a software flaw in its STARTTLS implementation that could allow a remote unauthenticated attacker to inject commands during the plaintext protocol phase that will be executed during the ciphertext protocol phase. Successful exploitation could allow an attacker to steal a victim's email or associated SASL (Simple Authentication and Security Layer) credentials.

To test, we modified the standard Python smtplib library to send a malicious version of the command by appending the HELP command after STARTTLS. Packet capture shows execution of the command:

What have folks done to get around this outside of writing an iRule? This is what I came up with... which SEEMS to work... but I'm by no means an expert.

    when CLIENT_ACCEPTED {
        # Not in the original paste: CLIENT_DATA only fires once a collect is active
        TCP::collect
    }
    when CLIENT_DATA {
        # If the client's segment starts with STARTTLS, keep only that command and
        # drop anything pipelined behind it in the same segment
        if { [string tolower [TCP::payload 10]] starts_with "starttls" } {
            TCP::payload replace 0 [TCP::payload length] "STARTTLS\r\n"
        }
        TCP::release
        TCP::collect
    }
    when SERVER_CONNECTED {
        TCP::collect
    }
    when SERVER_DATA {
        TCP::release
        clientside { TCP::collect }
    }

Vulnerabilities on Configuration utility login page.
Hi everyone. I've performed pen-testing and found vulnerabilities on the Configuration utility login page like this:

1.) Detect that the F5 BIG-IP web management interface is running on this port. (Not sure if it's due to the header F5-Login-Page: true, or not.)
2.) HTTP packet inspection. It shows the HTTP protocol version used, and whether HTTP Keep-Alive and HTTP pipelining are enabled, from the Configuration utility login page.

Can we mitigate these two issues?

P.S. About (1), I think it's due to the header F5-Login-Page but don't know how to remove this header. About (2), not sure how to fix this. Might have to perform IP packet filtering on the httpd service. Thank you.

images and hot fixes
Dears, I'm doing a security assessment for the F5 device, and I found 2 vulnerabilities on my image, which is 10.2.4 HF2, as per F5 documents: one of them can be solved by HF3 and the second can be solved by HF4. So if I install HF3 and then install HF4 over it, will this fix the two vulnerabilities?

OpenSSL vulnerability and Apache Commons FileUpload vulnerability CVE-2014-0050
Hi, I'm on BIG-IP version 11.5.1 HF2 and my BIG-IP iHealth report is showing some vulnerabilities that I am not getting corrected.

1 - Configuration utility / Apache Commons FileUpload vulnerability CVE-2014-0050. How do I make the Configuration utility safe? This article did not help me much: SOL15189
2 - COMPAT SSL ciphers / OpenSSL vulnerability CVE-2013-6449. This article also did not help me much to fix these vulnerabilities: sol15147

Anyone know how to fix these?

F5 update check issue
We have "Update check" enabled on F5 on a weekly schedule, but on the same page it is showing the following. Why is it saying the last update was in 2014?

Last Checked Version: 11.6.0.0.0.401
Latest Update Check: Fri Dec 26 04:02:09 EST 2014 (Automatic)
Available Update: Software is up-to-date.
Available Hotfix: Hotfix-BIGIP-11.6.0.2.0.405-HF2 iso installation file

Geo Location Software Version
Last Checked Version: 1.0.1-20140703.99.0
Latest Update Check: Fri Dec 26 04:02:09 EST 2014 (Automatic)
Available Update: ip-geolocation-1.0.1-20141204.119.0

End User Diagnostics (EUD) Software Version
Last Checked Version: 2.6.0.8.0
Latest Update Check: Fri Dec 26 04:02:09 EST 2014 (Automatic)
Available Update: EUD_T-2.6.0.9.0.iso

Issue with TLS Version 1.1 Deprecated Protocol
My vuln scanner is popping hot for an issue on only one of my tenants. The issue describes the following: "Enable support for TLS 1.2 and/or 1.3, and disable support for TLS 1.1. - TLSv1.1 is enabled and the server supports at least one cipher." I've read a few articles on where to disable this in BIG-IP, and from what I can gather I don't see where I have TLS 1.1 enabled on this guest or the handful of services I run on it. This issue is still showing on my vulnerability report as of this past Wednesday, so it's clear I'm missing something. Any suggestions?
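For the UDP 161 question earlier on this page (the virtual server scan that reported SNMP open), an added example that is not from any post here and not F5 code: a hand-built SNMPv2c GetRequest for sysDescr.0 sent at the VIP address. A UDP port scanner only learns whether anything comes back, so a port that silently drops packets and an agent that really listens look the same to it (the usual "open|filtered" verdict); a real SNMP query, and a reply or the lack of one, is the check that settles it. The target 192.0.2.10 and the community string public are placeholders, and fake_get_response is a constructed reply used only for offline testing.

```python
import socket

# sysDescr.0: the one object almost every SNMP agent will answer for
SYS_DESCR_0 = "1.3.6.1.2.1.1.1.0"


def ber_len(n):
    """BER length octets: short form below 128, long form otherwise."""
    if n < 0x80:
        return bytes([n])
    body = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([0x80 | len(body)]) + body


def ber_tlv(tag, value):
    return bytes([tag]) + ber_len(len(value)) + value


def ber_int(n):
    """INTEGER with the minimal two's-complement body."""
    length = 1
    while not -(1 << (8 * length - 1)) <= n < (1 << (8 * length - 1)):
        length += 1
    return ber_tlv(0x02, n.to_bytes(length, "big", signed=True))


def ber_oid(dotted):
    """OBJECT IDENTIFIER: first two arcs packed into one octet, base-128 after that."""
    arcs = [int(a) for a in dotted.split(".")]
    out = bytearray([40 * arcs[0] + arcs[1]])
    for arc in arcs[2:]:
        chunk = [arc & 0x7F]
        arc >>= 7
        while arc:
            chunk.append(0x80 | (arc & 0x7F))
            arc >>= 7
        out.extend(reversed(chunk))
    return ber_tlv(0x06, bytes(out))


def snmp_get_request(oid, community="public", request_id=1):
    """SNMPv2c GetRequest (0xA0) for a single OID; version field 1 means v2c."""
    varbind = ber_tlv(0x30, ber_oid(oid) + ber_tlv(0x05, b""))          # OID + NULL
    pdu = ber_tlv(0xA0, ber_int(request_id) + ber_int(0) + ber_int(0)
                  + ber_tlv(0x30, varbind))
    return ber_tlv(0x30, ber_int(1) + ber_tlv(0x04, community.encode()) + pdu)


def ber_parse(data):
    """Decode one TLV. Constructed types (bit 0x20 set) come back as a list of
    (tag, value) children, primitives as raw bytes. Returns (tag, value, rest)."""
    tag, first = data[0], data[1]
    if first < 0x80:
        length, pos = first, 2
    else:
        n = first & 0x7F
        length, pos = int.from_bytes(data[2:2 + n], "big"), 2 + n
    value = data[pos:pos + length]
    if tag & 0x20:
        children = []
        while value:
            t, v, value = ber_parse(value)
            children.append((t, v))
        value = children
    return tag, value, data[pos + length:]


def extract_sys_descr(response):
    """Pull the OCTET STRING out of the first varbind of a GetResponse (0xA2)."""
    _, msg, _ = ber_parse(response)
    pdu_tag, pdu = msg[2]
    if pdu_tag != 0xA2:
        return None
    _, varbinds = pdu[3]
    for _, vb in varbinds:
        (_, _oid), (vtag, val) = vb
        if vtag == 0x04:
            return val.decode("utf-8", "replace")
    return None


def fake_get_response(text, community=b"public"):
    """Constructed GetResponse for offline testing; no real agent involved."""
    vb = ber_tlv(0x30, ber_oid(SYS_DESCR_0) + ber_tlv(0x04, text.encode()))
    pdu = ber_tlv(0xA2, ber_int(1) + ber_int(0) + ber_int(0) + ber_tlv(0x30, vb))
    return ber_tlv(0x30, ber_int(1) + ber_tlv(0x04, community) + pdu)


def probe_snmp(host, port=161, community="public", timeout=2.0):
    """One GetRequest at the address. A sysDescr string means something really
    listens; None means silence, which is all a port scanner ever sees on UDP."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.sendto(snmp_get_request(SYS_DESCR_0, community), (host, port))
        try:
            data, _ = s.recvfrom(4096)
        except socket.timeout:
            return None
    return extract_sys_descr(data)


if __name__ == "__main__":
    # 192.0.2.10 is a placeholder for the VIP address from the scan
    print(probe_snmp("192.0.2.10"))
```

If the probe returns None from the VIP but a sysDescr from the self IP or management address, the scanner result was the silent-drop case rather than an SNMP listener on the virtual server.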
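For the LTM :: SMTPS Command Injection post earlier on this page, an added example that is neither the poster's code nor F5's: a Python model of the server-side read loop that makes the finding possible, next to the hardened behaviour (discard the plaintext buffer when switching to TLS); a Python rendering of what the posted iRule does to the client segment; and a live probe that does what the poster's modified smtplib did, deciding vulnerability by whether the server answers the pipelined HELP under TLS without being asked. INJECTED is a constructed segment; the probe's host and port are whatever you point it at.

```python
import socket
import ssl

# Constructed: what the modified smtplib client sends as one write
INJECTED = b"STARTTLS\r\nHELP\r\n"


class SmtpServerSim:
    """Toy SMTP command loop. Only the part that matters for the finding is
    modelled: what happens to bytes already sitting in the plaintext read
    buffer when the server switches to TLS."""

    def __init__(self, flush_buffer_on_starttls):
        self.flush = flush_buffer_on_starttls
        self.buf = b""
        self.tls = False
        self.executed = []          # (phase, command) in execution order

    def feed(self, segment):
        self.buf += segment
        while b"\r\n" in self.buf:
            line, _, self.buf = self.buf.partition(b"\r\n")
            cmd = line.split(b" ", 1)[0].upper().decode("ascii", "replace")
            self.executed.append(("ciphertext" if self.tls else "plaintext", cmd))
            if cmd == "STARTTLS" and not self.tls:
                self.tls = True     # 220 sent and handshake done at this point
                if self.flush:
                    self.buf = b""  # hardened: plaintext that followed STARTTLS
                                    # is never parsed as a TLS-phase command


def commands_run_under_tls(segment, hardened):
    """Commands a server would execute in the ciphertext phase for one segment."""
    srv = SmtpServerSim(flush_buffer_on_starttls=hardened)
    srv.feed(segment)
    return [cmd for phase, cmd in srv.executed if phase == "ciphertext"]


def proxy_rewrite(segment):
    """Python equivalent of the posted iRule's CLIENT_DATA logic: a segment that
    starts with STARTTLS is truncated to that one command."""
    if segment[:10].lower().startswith(b"starttls"):
        return b"STARTTLS\r\n"
    return segment


def _read_reply(sock):
    """Read one (possibly multi-line) SMTP reply one byte at a time so that no
    bytes beyond it end up in a userspace buffer before the TLS switch."""
    lines = []
    while True:
        line = b""
        while not line.endswith(b"\r\n"):
            ch = sock.recv(1)
            if not ch:
                raise ConnectionError("peer closed the connection")
            line += ch
        lines.append(line)
        if line[3:4] != b"-":
            return lines


def probe_starttls_injection(host, port=25, timeout=5.0):
    """True if the server sends an unsolicited reply right after the handshake
    (it ran the pipelined HELP under TLS), False if it stays silent, None if
    STARTTLS was refused. Live network check; not exercised offline."""
    with socket.create_connection((host, port), timeout=timeout) as raw:
        _read_reply(raw)                          # 220 banner
        raw.sendall(b"EHLO probe.invalid\r\n")
        _read_reply(raw)
        raw.sendall(INJECTED)
        if not _read_reply(raw)[0].startswith(b"220"):
            return None
        ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
        ctx.check_hostname = False
        ctx.verify_mode = ssl.CERT_NONE           # probe only; identity not at issue
        with ctx.wrap_socket(raw, server_hostname=host) as tls:
            tls.settimeout(timeout)
            try:
                return bool(tls.recv(512))        # unsolicited data: HELP was executed
            except socket.timeout:
                return False
```

The truncation the iRule performs is safe because a client is not allowed to send anything after STARTTLS until it has seen the 220 reply, so nothing legitimate is lost; the downside is that only the server-side flush actually removes the flaw, so the iRule is a workaround in front of a still-vulnerable listener.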
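For the TLS 1.1 finding in the post just above, an added example that is not from the thread and not F5 code: a per-version handshake probe against the service the scanner flagged, and a small interpreter for the options list of a BIG-IP client-ssl profile so the configured state and the observed state can be compared. The option keywords (no-tlsv1.1 and so on) are assumed to be the form shown by tmsh list ltm profile client-ssl <name>; the cipher string, which can also exclude versions, is not modelled; the scan target is assumed.

```python
import socket
import ssl

VERSIONS = {
    "TLSv1":   ssl.TLSVersion.TLSv1,
    "TLSv1.1": ssl.TLSVersion.TLSv1_1,
    "TLSv1.2": ssl.TLSVersion.TLSv1_2,
    "TLSv1.3": ssl.TLSVersion.TLSv1_3,
}


def negotiates(host, port, version, timeout=5.0):
    """True if the listener completes a handshake pinned to exactly `version`."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = False
    ctx.verify_mode = ssl.CERT_NONE      # testing protocol support, not identity
    ctx.minimum_version = version
    ctx.maximum_version = version
    if version < ssl.TLSVersion.TLSv1_2:
        # OpenSSL 3 refuses TLS 1.0/1.1 at its default security level, which would
        # make every legacy version look disabled from the client side.
        try:
            ctx.set_ciphers("DEFAULT:@SECLEVEL=0")
        except ssl.SSLError:
            pass                          # non-OpenSSL backend; try anyway
    try:
        with socket.create_connection((host, port), timeout=timeout) as raw:
            with ctx.wrap_socket(raw, server_hostname=host) as tls:
                return tls.version() is not None
    except OSError:                       # ssl.SSLError is an OSError subclass
        return False


def scan_versions(host, port=443):
    """Which protocol versions the listener actually negotiates."""
    return {name: negotiates(host, port, v) for name, v in VERSIONS.items()}


def enabled_versions_from_profile(options):
    """Interpret the `options` list of a BIG-IP client-ssl profile. Assumption:
    a version stays enabled unless its `no-<version>` keyword is present."""
    names = ["sslv3", "tlsv1", "tlsv1.1", "tlsv1.2", "tlsv1.3"]
    disabled = {o[len("no-"):] for o in options if o.startswith("no-")}
    return [n for n in names if n not in disabled]


def tls11_still_on(profile_options, live_scan):
    """Compare the configured view with the wire view. A mismatch (profile says
    off, handshake succeeds) means the flagged IP:port is not served by the
    profile you are looking at, which is the situation to chase in the post."""
    configured = "tlsv1.1" in enabled_versions_from_profile(profile_options)
    observed = bool(live_scan.get("TLSv1.1"))
    return {"configured": configured, "observed": observed,
            "mismatch": observed and not configured}


if __name__ == "__main__":
    # 192.0.2.10 is a placeholder for the address the scanner reported
    print(scan_versions("192.0.2.10", 443))
```

An options list that carries only dont-insert-empty-fragments (with or without no-tlsv1.3) leaves TLS 1.1 enabled, so a profile that looks untouched is a common reason for the finding; the other is that the flagged port is answered by a different virtual server, SSL profile or non-TMM listener than the one being edited, which is exactly what running the probe against the reported IP:port reveals.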