SOL23332326 - Apache HTTPD vulnerability CVE-2010-2791

Vulnerability Recommended Actions

If you are running a version listed in the Versions known to be vulnerable column, you can eliminate this vulnerability by upgrading to a version listed in the** Versions known to be not vulnerable** column. If the table lists only an older version than what you are currently running, or does not list a non-vulnerable version, then no upgrade candidate currently exists.

F5 responds to vulnerabilities in accordance with the Severity values published in the previous table. The**Severity **values and other security vulnerability parameters are defined in SOL4602: Overview of the F5 security vulnerability response policy.

To mitigate this vulnerability for affected F5 products, you should permit management access to F5 products only over a secure network, and limit shell access to trusted users. For more information about securing access to BIG-IP/Enterprise Manager systems, refer to SOL7448: Restricting access to the Configuration utility by source IP address (9.x - 10.x) and SOL13092: Overview of securing access to the BIG-IP system.

Supplemental Information

• SOL9970: Subscribing to email notifications regarding F5 products
• SOL9957: Creating a custom RSS feed to view new and updated documents
• SOL4918: Overview of the F5 critical issue hotfix policy
• SOL167: Downloading software and firmware from F5