CVE-2013-3587 in Version 14.1.

Question

Hello,&nbsp;A Security Audit asked for CVE-2013-3587.&nbsp;I came over this Info:https://support.f5.com/csp/article/K14634 but this is until Version 13, we're running Version 14.1&nbsp;Does anyone know, how to mitigate this?&nbsp;Or does anyone know, how to handle http compression? There are some (for me) confusing docs on F5

boneyard · Answer

does the security audit really show this is possible or just a vague suggestion? this is something from 2013 and i don't really see much attention for it since.

some suggestions can be found here.

https://www.akamai.com/uk/en/resources/breach-attack.jsp

as the F5 article also mentions this isn't that should be solved on another level, so first have a look at your application / web server.

in the end you can apply the same irule on 14.1 i believe, but as mentioned it might cause issues with the site.

Forum Discussion

CVE-2013-3587 in Version 14.1.

1 Reply

Recent Discussions

F5Access | MacOS Sonoma

Rewrite uri translation not working

Chrome V 124+ on MacOS - Virtual Server Access Issue

Transaction looks successful but file not downloading

Overwriting or adding LTM SSL Traffic cert and key using iControlREST

Related Content

upgrade directly from os version 14.1. to 17.1.0

upgrade os version 14.1 to 17.1 concern on apm and asm

Most up to date Cipher Suite for version 14.1.x to increase BitSight findings?

TMOS Version Update Paths

Big IP version 12 API