F5 Networks, Inc. Information for VU#744929

mod_ssl fails to properly enforce client certificates authentication



Vendor Statement

BigIP v4 and v9 do not support client-side authentication to the Management user interface, so the vulnerability does not apply.

FirePass is not vulnerable.

TrafficShield uses Apache 2.0.53 and therefore is vulnerable. A hotfix will be forthcoming and included in the next security hotfix to be issued on TrafficShield 3.2.1.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Vendor References



There are no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.