For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

Muhannad's avatar
Muhannad
Icon for Cirrus rankCirrus
Jul 30, 2019

An Application ASP.Net vulnerability.

Dear Experts,   I need help in the following issue for one of our clients: it seems that some of the WEB servers are infected with CVE-2017-9248 vulnerability which allow hackers to remote attack...
ASM Advanced WAF
security
JG's avatar
JG
Icon for Cumulonimbus rankCumulonimbus
Jul 31, 2019

It is a cryptographic weakness inherent in the application. Telerik's solutions is either to patch/upgrade or disable certain functionality (a handler) within the application (See: https://www.telerik.com/support/kb/aspnet-ajax/details/cryptographic-weakness).

 

It seems that neither could be done in your situation from the fact that you were asked to provide a solution on F5.

 

One way of mitigating the situation is to enforce user authentication for the application on the F5, preferably with the use of APM. That way you would have a way of controlling the access at least.

 

  • Muhannad's avatar
    Muhannad
    Icon for Cirrus rankCirrus
    Aug 01, 2019

    Thank you.