AnsweredAssumed Answered

QID 38613 - TLS Client Finish Message Validation Vulnerability

Question asked by Bernie Weidel on Aug 26, 2015
Latest reply on Dec 4, 2015 by Chalky_White

We have confirmed that "all" F5 devices are not vulnerable to QID 38613: SOL16970 - TLS Finish Message vulnerability CVE-2015-5517 and so this can be submitted as a PCI False Positive Request on F5 devices with a statement to that effect.


If you are running another vendor, you would need to contact the vendor to confirm if their product is vulnerable.