An Application ASP.Net vulnerability.

Question

Dear Experts,&nbsp;I need help in the following issue for one of our clients: it seems that some of the WEB servers are infected with CVE-2017-9248&nbsp;vulnerability&nbsp;which allow hackers to remote attack and defeat cryptographic protection leading to arbitrary file uploads or downloads, XSS, or ASP.NET ViewState compromise.It seems this done via Telerik.Web.UI.WebResource.axd where the attacker where able to comprmise the Website and upload some webshells and files.&nbsp;I am searching for a way to stop this exploit from ASM with no luck, I would appreciate any support regarding it.&nbsp;Regards,Muhannad

jg · Answer

It is a cryptographic weakness inherent in the application. Telerik's solutions is either to patch/upgrade or disable certain functionality (a handler) within the application (See: https://www.telerik.com/support/kb/aspnet-ajax/details/cryptographic-weakness).

It seems that neither could be done in your situation from the fact that you were asked to provide a solution on F5.

One way of mitigating the situation is to enforce user authentication for the application on the F5, preferably with the use of APM. That way you would have a way of controlling the access at least.

muhannad · Answer

Thank you.

Forum Discussion

An Application ASP.Net vulnerability.

Recent Discussions

AS3 Limitations

Diameter iRules attachment?

Help needed with iRule (connection closed log )

Use of SSL Decryption.

VLAN Failsafe Functionality

Related Content

Mitigating OWASP Web Application Risk: Vulnerable & Outdated Components using F5 XC Platform

Windows Critical RCE Vulnerability, Malicious Solana-py, and EDRKillShifter

VIPTest: Rapid Application Testing for F5 Environments

Coordinated Vulnerability Disclosure: A Balanced Approach

Vulnerability Assessment with Application Security

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS