Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
f5F5SOL16123
HistoryFeb 11, 2015 - 12:00 a.m.

SOL16123 - OpenSSL vulnerability CVE-2014-3571

2015-02-1100:00:00
support.f5.com
28

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

0.716 High

EPSS

Percentile

97.7%

JSON

*The SOD process is only vulnerable if thefailover.securedatabase variable is enabled; the database variable is disabled by default.

Recommended Action

If the previous table lists a version in the Versions known to be not vulnerable column, you can eliminate this vulnerability by upgrading to the listed version. If the listed version is older than the version you are currently running, or if the table does not list any version in the column, then no upgrade candidate currently exists.

F5 is responding to this vulnerability as determined by the parameters defined in SOL4602: Overview of the F5 security vulnerability response policy.

To mitigate this vulnerability for the BIG-IP system, you can perform the following tasks:

  • Verify that DTLS virtual servers referencing SSL profiles do not permit COMPAT SSL ciphers.
  • If you are using secure-mode for failover (tmsh list /sys db failover.secure), verify that the failover traffic is only allowed on an isolated VLAN.

To mitigate this vulnerability for Traffix-SDC, you can perform the following tasks:

  • Install the upgrade package that contains openssl-1.0.1e-30.

Supplemental Information

  • SOL9970: Subscribing to email notifications regarding F5 products
  • SOL9957: Creating a custom RSS feed to view new and updated documents
  • SOL4918: Overview of the F5 critical issue hotfix policy
  • SOL167: Downloading software and firmware from F5

Related

checkpoint_advisories 1
ubuntucve 1
openssl 1
cve 2
f5 1
nessus 47
veracode 1
prion 1
debiancve 1
openvas 32
fedora 3
oraclelinux 10
ibm 36
debian 3
osv 2
centos 1
securityvulns 11
redhat 1
aix 1
ubuntu 1
kaspersky 2
slackware 1
archlinux 1
altlinux 6
suse 3
freebsd_advisory 1
freebsd 1
cisco 1
mageia 1
amazon 1
oracle 8
checkpoint_advisories
checkpoint_advisories
OpenSSL DTLS dtls1_get_record Segmentation Fault Denial of Service (CVE-2014-3571)
2015-01-14 00:00:00
ubuntucve
ubuntucve
CVE-2014-3571
2015-01-08 00:00:00
openssl
openssl
Vulnerability in OpenSSL CVE-2014-3571
2015-01-05 00:00:00
cve
cve
CVE-2014-3571
2015-01-09 02:59:00
CVE-2015-3571
2016-04-26 10:59:00
f5
f5
K16123 : OpenSSL vulnerability CVE-2014-3571
2015-09-18 00:00:00
nessus
nessus
F5 Networks BIG-IP : OpenSSL vulnerability (SOL16123)
2015-02-12 00:00:00
Fedora 21 : openssl-1.0.1k-1.fc21 (2015-0512)
2015-01-13 00:00:00
Debian DLA-132-1 : openssl security update (FREAK)
2015-03-26 00:00:00
veracode
veracode
Denial Of Service (DoS) Through Null Pointer Dereference
2017-02-06 06:41:02
prion
prion
Null pointer dereference
2015-01-09 02:59:00
debiancve
debiancve
CVE-2014-3571
2015-01-09 02:59:00
openvas
openvas
Fedora Update for openssl FEDORA-2015-0512
2015-01-14 00:00:00
Oracle: Security Advisory (ELSA-2015-2616)
2015-12-15 00:00:00
Oracle: Security Advisory (ELSA-2015-3010)
2015-10-06 00:00:00
fedora
fedora
[SECURITY] Fedora 21 Update: openssl-1.0.1k-1.fc21
2015-01-13 00:02:20
[SECURITY] Fedora 20 Update: openssl-1.0.1e-41.fc20
2015-01-20 21:05:44
[SECURITY] Fedora 20 Update: openssl-1.0.1e-42.fc20
2015-03-23 07:18:26
oraclelinux
oraclelinux
openssl security update
2016-05-31 00:00:00
openssl security update
2015-12-14 00:00:00
openssl security update
2015-02-26 00:00:00
ibm
ibm
Security Bulletin: Vulnerabilities in OpenSSL affect System x, BladeCenter and Flex Systems Unified Extensible Firmware Interface (UEFI) (CVE-2014-3569, CVE-2014-3570, CVE-2014-3571, CVE-2014-3572, CVE-2014-8275)
2019-01-31 01:55:01
Security Bulletin: Multiple vulnerabilities in OpenSSL affect IBM Tivoli Netcool System Service Monitors/Application Service Monitors (CVE-2014-3570, CVE-2014-3571, CVE-2014-3572, CVE-2014-8275, CVE-2015-0204, CVE-2015-0206)
2018-06-17 14:56:42
Security Bulletin: OpenSSL security vulnerabilities in IBM SONAS (CVE-2014-3570, CVE-2014-3571, CVE-2014-3572, CVE-2014-8275, CVE-2015-0204, CVE-2015-0205, CVE-2015-0206)
2018-06-18 00:09:22
debian
debian
[SECURITY] [DLA 132-1] openssl security update
2015-01-11 13:16:32
[SECURITY] [DSA 3125-1] openssl security update
2015-01-11 11:05:13
[SECURITY] [DSA 3125-1] openssl security update
2015-01-11 11:05:31
osv
osv
openssl - security update
2015-01-11 00:00:00
openssl - security update
2015-01-11 00:00:00
centos
centos
openssl security update
2015-01-20 21:00:39
securityvulns
securityvulns
[USN-2459-1] OpenSSL vulnerabilities
2015-01-13 00:00:00
OpenSSL multiple security vulnerabilities
2015-01-13 00:00:00
[security bulletin] HPSBMU03396 rev.1 - HP Version Control Repository Manager (VCRM) on Windows and Linux, Multiple Vulnerabilities
2015-09-14 00:00:00
redhat
redhat
(RHSA-2015:0066) Moderate: openssl security update
2015-01-20 00:00:00
aix
aix
Multiple Security vulnerabilities in AIX OpenSSL
2015-02-04 06:24:41
ubuntu
ubuntu
OpenSSL vulnerabilities
2015-01-12 00:00:00
kaspersky
kaspersky
KLA10460 Multiple vulnerabilities in OpenSSL
2015-01-08 00:00:00
KLA10630 Multiple vulnerabilities in Oracle VM VirtualBox
2015-07-14 00:00:00
slackware
slackware
[slackware-security] openssl
2015-01-09 18:34:39
archlinux
archlinux
openssl: multiple issues
2015-01-09 00:00:00
altlinux
altlinux
Security fix for the ALT Linux 7 package openssl10 version 1.0.1k-alt0.M70P.1
2015-01-12 00:00:00
Security fix for the ALT Linux 6 package openssl10 version 1.0.0p-alt0.M60P.1
2015-04-23 00:00:00
Security fix for the ALT Linux 7 package openssl10 version 1.0.1k-alt1
2015-01-12 00:00:00
suse
suse
Security update for openssl (important)
2015-01-23 20:05:13
Security update for MySQL (important)
2015-05-26 15:04:53
Security update for libopenssl0_9_8 (important)
2016-03-03 14:11:44
freebsd_advisory
freebsd_advisory
FreeBSD-SA-15:01.openssl
2015-01-14 00:00:00
freebsd
freebsd
OpenSSL -- multiple vulnerabilities
2015-01-08 00:00:00
cisco
cisco
Multiple Vulnerabilities in OpenSSL (January 2015) Affecting Cisco Products
2015-03-10 16:00:00
mageia
mageia
Updated openssl packages fix security vulnerabilities
2015-01-11 22:54:28
amazon
amazon
Medium: openssl
2015-01-11 12:36:00
oracle
oracle
Oracle Critical Patch Update - April 2015
2015-04-14 00:00:00
Oracle Critical Patch Update Advisory - October 2015
2015-10-20 00:00:00
Oracle Critical Patch Update Advisory - July 2015
2015-07-14 00:00:00

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

0.716 High

EPSS

Percentile

97.7%

JSON
Related for SOL16123
checkpoint_advisories1ubuntucve1openssl1cve2f51nessus47veracode1prion1debiancve1openvas32fedora3oraclelinux10ibm36debian3osv2centos1securityvulns11redhat1aix1ubuntu1kaspersky2slackware1archlinux1altlinux6suse3freebsd_advisory1freebsd1cisco1mageia1amazon1oracle8