For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

Icon for Nimbostratus rank

Nimbostratus

Apr 27, 2014

ASM mitigation for vulnerability in Apache Struts

Does anyone know if ASM provides, or can provide, mitigation for this DOS vulnerability in Apache Struts?

https://threatpost.com/apache-warns-of-faulty-zero-day-patch-for-struts/105691

thanks!

ASM Advanced WAF

2 Replies

nathe
Cirrocumulus
Apr 27, 2014
bdy,

I don't know the specifics of this vulnerability but it looks like parameter tampering. If so the ASM can indeed protect on this. You can define Parameters and then, for example, configure what values are allowed, e.g. integers, digits, alphanumeric etc, or allow/disallow specific meta-characters.

This should help mitigate this vulnerability I hope.

N
spud_141786
Nimbostratus
May 02, 2014
Nir Zigler has a good write up here: https://devcentral.f5.com/articles/apache-struts-classloader-manipulation-vulnerabilities

Help guide the future of your DevCentral Community!

What tools do you use to collaborate? (1min - anonymous)

F5 Architecture Track Sessions - AppWorld 2026

DevCentral News

Recent Discussions

Under Attack? F5 Will Help You.
Contacting F5 Support?

DevCentral Quicklinks

* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com

Discover DevCentral Connects

* Podcasts
* Social Channels
* Video Streaming

GitHub Awesome-F5