Determined the scan is flagging SSL on the backend F5 management web console. The vulnerabilities are for:
OpenSSL Multiple Remote Security Vulnerabilities & SSL Server Allows Anonymous Authentication Vulnerability
The Ops team met with F5 and the vendor stated that they do not deem this an exploitable vulnerability and therefore have no plans to include in any kernel
update or patch.
How are others dealing with this. Our F5 team is asking me to false-positive this to remove it from our reporting.
Thanks - Stan Willis