A way to mitigate CVE-2017-8295

Question

Hello experts,
I may be wrong in my approach, but I'm trying to mitigate CVE-2017-8295 by forcing the request to a know fixed host name, (e.g. ).
So when another requested host reach my virtual server, it will be blocked preventing the attacker from receiving the password reset of the admin user in their fake domain (Return-Path).&nbsp;
The problem is that I am not able to do this with ASM, so when I'm trying to force that hostname into the list of known host names (Application Security &gt; Headers &gt; Host Names).&nbsp;
Is there any right way to do this? Because the ASM policy is ignoring the fake test host name even when I try to block everything related to host names (CSRF, redirection protection, etc).
(Yes, the ASM isn't staging for all objects and is in blocking mode)&nbsp;
Any idea? I'll appreciate it.&nbsp;
Regards.&nbsp;

nathe · Answer

cjunior,
I dont believe this Host Header configuration object works as you believe it should, rather it is a way of telling certain protections of internal/external host names.
Anyway, another option is to create a custom attack signature perhaps? You would want to use the headercontent value to not match the actual host address. 
Something like this should work: headercontent:"Host"; nocase; re2:!"/www.example.com/"; nocase;
See if this helps,
N

Forum Discussion

A way to mitigate CVE-2017-8295

Recent Discussions

Diameter iRules attachment?

Source IP F5 DNS Zone Forwarder

F5 BIG-IP

BIG-IP Oauth Client and AS

How to Renew F5 Device Certificate

Related Content

F5 Distributed Cloud L3-L7 DDoS Mitigation

Cyber Security Attack Mitigations with BIG-IP features

Mitigating Apache Camel Vulnerability CVE-2025–27636 with F5 Products

JA4 Part 2: Detecting and Mitigating Based on Dynamic JA4 Reputation

Mitigating OWASP API Security risks using BIG-IP

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS