For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

spud_141786's avatar
spud_141786
Icon for Nimbostratus rankNimbostratus
Apr 27, 2014

ASM mitigation for vulnerability in Apache Struts

Does anyone know if ASM provides, or can provide, mitigation for this DOS vulnerability in Apache Struts?   https://threatpost.com/apache-warns-of-faulty-zero-day-patch-for-struts/105691   than...
ASM Advanced WAF
security
nathe's avatar
nathe
Icon for Cirrocumulus rankCirrocumulus
Apr 27, 2014

bdy,

 

I don't know the specifics of this vulnerability but it looks like parameter tampering. If so the ASM can indeed protect on this. You can define Parameters and then, for example, configure what values are allowed, e.g. integers, digits, alphanumeric etc, or allow/disallow specific meta-characters.

 

This should help mitigate this vulnerability I hope.

 

N