F5F5:K5857K5857 : Client certificate check vulnerability in Apache - CVE-2005-2700
5.8 Medium
AI Score
Confidence
Low
Security Advisory Description
Note: Versions that are not listed in this Solution have not been evaluated for vulnerability to this security advisory. For information on F5 Networks’ security policy regarding evaluating older and unsupported versions of F5 Networks products, refer to K4602: Overview of F5 Networks security vulnerability response policy.
F5 Networks products and versions that have been evaluated for this Security Advisory
| Product | Affected | Not Affected |
|---|---|---|
| BIG-IP LTM | None | 9.x |
| 10.x | ||
| 11.x | ||
| BIG-IP GTM | None | 9.x |
| 10.x | ||
| 11.x | ||
| BIG-IP ASM | None | 9.x |
| 10.x | ||
| 11.x | ||
| BIG-IP Link Controller | None | 9.x |
| 10.x | ||
| 11.x | ||
| BIG-IP WebAccelerator | None | 9.x |
| 10.x | ||
| 11.x | ||
| BIG-IP PSM | None | 9.x |
| 10.x | ||
| 11.x | ||
| BIG-IP WAN Optimization | None | 10.x |
| 11.x | ||
| BIG-IP APM | None | 10.x |
| 11.x | ||
| BIG-IP Edge Gateway | None | 10.x |
| 11.x | ||
| BIG-IP Analytics | ||
| None | 11.x | |
| BIG-IP AFM | ||
| None | 11.x | |
| BIG-IP PEM | ||
| None | 11.x | |
| FirePass | None | 3.x |
| 4.x | ||
| 5.x | ||
| 6.x | ||
| 7.x | ||
| Enterprise Manager | None | 1.x |
| 2.x | ||
| 2.x |
In the default configuration, BIG-IP and 3-DNS do not require client certificates to connect to the Configuration utility. This vulnerability cannot be exploited without making unsupported changes to the BIG-IP or 3-DNS web server configuration.
This problem was tracked as CR53583 and CR53585 and was fixed in BIG-IP and 3-DNS version 4.5.14.
Related
