AnsweredAssumed Answered

SSL Vulnerabilities on F5

Question asked by Stan Willis on Jun 4, 2015

Determined the scan is flagging SSL on the backend F5 management web console.  The vulnerabilities are for:

OpenSSL Multiple Remote Security Vulnerabilities & SSL Server Allows Anonymous Authentication Vulnerability

 

The Ops team met with F5 and the vendor stated that they do not deem this an exploitable vulnerability and therefore have no plans to include in any kernel
update or patch.

 

How are others dealing with this. Our F5 team is asking me to false-positive this to remove it from our reporting.

Thanks - Stan Willis

Outcomes