For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

mortoj_167568's avatar
mortoj_167568
Icon for Altocumulus rankAltocumulus
Sep 12, 2016
Solved

ASM - Attack Signature for CVE-2016-6662?

Does the latest Attack Signature database have a Signature for CVE-2016-6662. If so, can someone tell me which attack signature relates to this exploit? I've been doing some looking around and haven'...
ASM Advanced WAF
security
boneyard's avatar
boneyard
Icon for MVP rankMVP
Sep 12, 2016

that CVE was released today, not expecting an official ASM signature update that quick.

 

don't have time to fully understand the issue, but it seems to require quite some access on either the actual server running mysql or within mysql itself. in general you wouldn't have such access through a website and if you have then you most likely allow such access and a specific signature against is probably difficult to craft.

 

sure there is sql injection and such, but for that you already have some signatures and again if you are vulnerable for sql injections this is just one of the things they might be able to do.