OpenSSL vulnerability and Apache Commons FileUpload vulnerability CVE-2014-0050

Question

Hi, &nbsp;
I'm big-ip version 11.5.1 HF2 and my BIG-IP iHealth station featuring some vulnerabilities and am not getting correct. &nbsp;
1 - Configuration utility / Apache Commons FileUpload vulnerability CVE-2014-0050
how to make safe configuration utility, this article did not help me much: SOL15189 &nbsp;
2 - COMPAT SSL ciphers / OpenSSL vulnerability CVE-2013-6449 
This article also did not help me much to fix these vulnerabilities: sol15147 &nbsp;
Anyone know how to fix?&nbsp;

cory_50405 · Answer

As long as you don't allow management access to your BIG-IP appliance over any production links and you have an isolated management network where only trusted/cleared personnel can access, then these risks are mitigated as well as they can be. You don't have any upgrade paths to mitigate these vulnerabilities completely.

what_lies_bene1 · Answer

is resolved, see here: http://support.f5.com/kb/en-us/solutions/public/15000/100/sol15159.html

rodrigo_n_soare · Answer

Ok. Thank you.&nbsp;

Forum Discussion

OpenSSL vulnerability and Apache Commons FileUpload vulnerability CVE-2014-0050

3 Replies

Recent Discussions

BIG-IP DNS iRule issue with static variable

Using okta as SSO to login F5 GUI

(How) can I get two client certificates in one APM session?

BIG-IP DNS: Check Status Of Multiple Monitors Against Pool Member

Disk space full - what files, folders are safe to delete?

Related Content

Coordinated Vulnerability Disclosure: A Balanced Approach

OWASP Automated Threats - OAT-014 Vulnerability Scanning

Reviewing vulnerability scanner results for an Access Policy Manager (APM) protected Virtual Server

Vulnerability CVE-2023-45648 in ApacheTomcat

Re: Mitigation of OWASP API6: 2019 Mass Assignment vulnerability using F5 Distributed Cloud Platform