Forum Discussion

PeterHession's avatar
PeterHession
Icon for Nimbostratus rankNimbostratus
Feb 18, 2019

ASM Signature Update 02/08/2019 Contains Incorrect Command Execution Signatures

The 2/8/19 signature update available on F5 Downloads (shows a create date of 1/22/19 in the F5 UI) has some questionable updates for Command Execution signatures on parameters that cause a large amo...
ASM Advanced WAF
attacksignature
security
Paul_Zajicek_73's avatar
Paul_Zajicek_73
Icon for Nimbostratus rankNimbostratus
Mar 05, 2019

All examples are full of customer data. Here are sample few that I have anonymized:

 

"Attack Signature Staged ID 200003143 Name "link" execution attempt Context Cookie Cookie Name __abcd Cookie Value 2455013.155280.1.1.xyzcsr=click.jklsearch.net|qweccn=(referral)|qwecmd=referral|qwecct=/link/click"

 

"Attack Signature Staged ID 200003031 Name "ps" execution attempt Context Parameter (detected in POST Data)

 

Parameter Level Global

 

Parameter Name act_num Parameter Value ps.johndoe@testtesttest.com"

 

"Attack Signature Staged ID 200003094 Name "head" execution attempt Context Cookie Cookie Name __abcd Cookie Value 16234634606.134634666.8.9.xyzcsr=test.co.uk|xyzccn=(referral)|xyzcmd=referral|xyzcct=/products/wall-mounted-plush-deer-head/_/12345678"

 

"Attack Signature Staged ID 200003085 Name "date" execution attempt Context Cookie Cookie Name __abcd Cookie Value 237757.15457567.6.7.xyzcsr=GoogleProductList|xyzccn=HouseAndGarden_Trees|xyzcmd=PLA|xyzctr=date0x20palm|xyzcct=9876543"

 

"Attack Signature Staged ID 200003136 Name "cut" execution attempt Context Cookie Cookie Name __abcd Cookie Value 66546456.15456456.7.7.xyzcsr=test.com|xyzccn=(referral)|xyzcmd=referral|xyzcct=/products/laser-cut-dress/44444444"

 

"Attack Signature Staged ID 200003156 Name "touch" execution attempt Context Cookie Cookie Name __aaaa_ca Cookie Value so=testref.space&me=referral&ca=referral&co=;