F5SOL17238SOL17238 - Node.js vulnerability CVE-2015-5380
EPSS
Percentile
81.1%
Vulnerability Recommended Actions
If you are running a version listed in the Versions known to be vulnerable column, you can eliminate this vulnerability by upgrading to a version listed in the** Versions known to be not vulnerable** column. If the table lists only an older version than what you are currently running, or does not list a non-vulnerable version, then no upgrade candidate currently exists.
There is no mitigation for this vulnerability. However, F5 recommends that you permit management access to affected F5 products only over a secure network, and limit shell access to trusted users. For more information about securing access to BIG-IP systems, refer to SOL13309: Restricting access to the Configuration utility by source IP address (11.x) and SOL13092: Overview of securing access to the BIG-IP system.
Supplemental Information
- SOL9970: Subscribing to email notifications regarding F5 products
- SOL9957: Creating a custom RSS feed to view new and updated documents
- SOL4602: Overview of the F5 security vulnerability response policy
- SOL4918: Overview of the F5 critical issue hotfix policy
- SOL167: Downloading software and firmware from F5
References
support.f5.com/kb/en-us/solutions/public/0000/100/sol167.html
support.f5.com/kb/en-us/solutions/public/4000/600/sol4602.html
support.f5.com/kb/en-us/solutions/public/4000/900/sol4918.html
support.f5.com/kb/en-us/solutions/public/9000/900/sol9957.html
support.f5.com/kb/en-us/solutions/public/9000/900/sol9970.html
Related
