
SOL16135 - OpenSSL vulnerability CVE-2015-0205

Date: 2015-02-12 00:00:00
Source: support.f5.com

CVSS2: 5 Medium

  • Access Vector: NETWORK
  • Access Complexity: LOW
  • Authentication: NONE
  • Confidentiality Impact: NONE
  • Integrity Impact: PARTIAL
  • Availability Impact: NONE
  • Vector: AV:N/AC:L/Au:N/C:N/I:P/A:N

EPSS: 0.006 Low (Percentile: 76.3%)

Recommended Action

If the previous table lists a version in the Versions known to be not vulnerable column, you can eliminate this vulnerability by upgrading to the listed version. If the listed version is older than the version you are currently running, or if the table does not list any version in the column, then no upgrade candidate currently exists.

F5 is responding to this vulnerability as determined by the parameters defined in SOL4602: Overview of the F5 security vulnerability response policy.

BIG-IP

To mitigate this vulnerability, you should consider the following recommendations:

  • Revoke and reissue the affected client certificates, if applicable, for your environment.
  • Disable client certificate authentication for the BIG-IP Configuration utility.

To disable client certificate authentication for the BIG-IP Configuration utility, perform the following procedure:

Impact of action: Performing the following procedure should not have a negative impact on your system.

  1. Log in to the Traffic Management Shell (tmsh) by typing the following command:

     tmsh

  2. Disable the client certificate authentication by typing the following command:

     modify /sys httpd ssl-ca-cert-file none ssl-verify-client no

  3. Save the configuration to the configuration files by typing the following command:

     save /sys config
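A check to run after the procedure above, added here as an example and not part of F5's advisory: it reads `tmsh list /sys httpd`-style text and reports whether both properties match the mitigation command. The stanza layout, the function names and the sample values are assumptions constructed for illustration.

```sh
#!/bin/sh
# Constructed samples. Assumed layout: one "property value" pair per line
# inside a "sys httpd { ... }" stanza, as tmsh list output is usually shown.
sample_mitigated='sys httpd {
    ssl-ca-cert-file none
    ssl-verify-client no
}'
sample_exposed='sys httpd {
    ssl-ca-cert-file /example/ca-bundle.crt
    ssl-verify-client require
}'

# httpd_prop TEXT NAME: print the value of property NAME from the sys httpd
# stanza, or nothing when the stanza does not show that property.
httpd_prop() {
    printf '%s\n' "$1" | awk -v key="$2" '
        $1 == "sys" && $2 == "httpd" { in_stanza = 1; next }
        in_stanza && $1 == "}"       { in_stanza = 0 }
        in_stanza && $1 == key       { print $2; exit }'
}

# client_cert_auth_state TEXT: print one of
#   disabled  both properties match the mitigation (none / no)
#   partial   only one of the two properties matches
#   enabled   neither property matches
#   unknown   a property is missing, so nothing is assumed about defaults
client_cert_auth_state() {
    verify=$(httpd_prop "$1" ssl-verify-client)
    ca=$(httpd_prop "$1" ssl-ca-cert-file)
    if [ -z "$verify" ] || [ -z "$ca" ]; then
        echo unknown
    elif [ "$verify" = no ] && [ "$ca" = none ]; then
        echo disabled
    elif [ "$verify" = no ] || [ "$ca" = none ]; then
        echo partial
    else
        echo enabled
    fi
}

# Demo on the constructed samples; on a real system the text would come from
# the output of: tmsh list /sys httpd
echo "mitigated sample: $(client_cert_auth_state "$sample_mitigated")"
echo "exposed sample:   $(client_cert_auth_state "$sample_exposed")"
```

A result of `unknown` means the captured text did not show one of the two properties, so the output should be re-collected rather than treated as mitigated.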

LineRate

To mitigate the risk posed by this vulnerability for the affected LineRate versions, you can remove the affected trusted Certificate Authority in the SSL component. For information about removing trusted Certificate Authority for LineRate, refer to the following guides:

Note: The following links take you to a resource outside of AskF5. The third party could remove the documents without our knowledge.

Supplemental Information

  • SOL9970: Subscribing to email notifications regarding F5 products
  • SOL9957: Creating a custom RSS feed to view new and updated documents
  • SOL4918: Overview of the F5 critical issue hotfix policy
