Forum Discussion

Cirrus

Sep 13, 2019

Can the F5 Mitigate the HTTP/2 vulnerabilities?

Hi,

We are considering implementing HTTP/2 in our environment at the moment. In August a number of DoS vulnerabilities were identified in HTTP/2. If we make the change for HTTP/2 on the F5, does the F5 do anything to mitigate the risk?

https://nakedsecurity.sophos.com/2019/08/19/netflix-finds-multiple-http2-dos-flaws/

Are there ASM signatures that protect against these issues? If so, what about protection on APM if we add HTTP/2 there?

Any information would be appreciated.

No RepliesBe the first to reply

Forum Discussion

Can the F5 Mitigate the HTTP/2 vulnerabilities?

Recent Discussions

[ASM] - what is "Browser Challange file" ?

Rewrite uri translation not working

no available managed rule groups for Israel il-central-1

About shun list for L7 DDoS?

CONNECTION IS LOST DUE TO SELF IP IS DELIVERED

Related Content

Mitigating recent HTTP/2 DoS vulnerabilities with BIG-IP

Re: Mitigation of OWASP API6: 2019 Mass Assignment vulnerability using F5 Distributed Cloud Platform

Vulnerability Mitigation

Traffic Management User Interface Vulnerability: The Fix and Temporary Mitigation Options

Mitigating OWASP Web Application Risk: Vulnerable & Outdated Components using F5 XC Platform