Forum Discussion
samstep (Cirrocumulus), Sep 05, 2021
Atlassian Confluence Critical CVE-2021-26084 Mitigation with F5 ASM / F5 WAF
The Confluence CVE-2021-26084 critical vulnerability is in active exploitation. A quick mitigation on ASM is to add the following URL to the Disallowed URLs:
/pages/createpage-entervariables.action
Make sure that you enable blocking on the 'Illegal URL' violation.
Patch/update your Confluence:
Link to Confluence Security Advisory - 2021-08-25:
https://confluence.atlassian.com/doc/confluence-security-advisory-2021-08-25-1077906215.html
- samstep (Cirrocumulus)
This is how attackers currently bypass WAF:
https://twitter.com/Jok3rDb/status/1434099427862482952
The "quick mitigation" on ASM is to
Disallow URL:
/pages/createpage-entervariables.action
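A log check that complements the Disallowed URL rule from this thread, as an added example that is not part of the original posts: it scans the Confluence access log behind the WAF for requests whose normalized path equals the disallowed URL, so any hit is a request the rule did not stop. The combined log format, the function names and the sample lines are assumptions constructed for illustration.

```python
import re
from posixpath import normpath
from urllib.parse import unquote

# URL from the post, compared against a normalized request path.
DISALLOWED = "/pages/createpage-entervariables.action"
# Assumed combined log format: ip - - [ts] "METHOD target PROTO" status size
LINE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(\S+) (\S+) [^"]*" (\d{3}) ')

def normalize(target):
    """Reduce a request target to a canonical path for comparison."""
    path = target.split("?", 1)[0].split("#", 1)[0]   # drop query and fragment
    for _ in range(3):                                # undo nested percent-encoding
        decoded = unquote(path)
        if decoded == path:
            break
        path = decoded
    # Drop ;path-parameters in each segment, then collapse //, /./ and /../
    path = "/".join(seg.split(";", 1)[0] for seg in path.split("/"))
    # Lower-casing is deliberately conservative and may over-match.
    return normpath("/" + path.lstrip("/")).lower()

def scan(lines):
    """Return (client, method, status, raw_target) for each matching request."""
    hits = []
    for line in lines:
        m = LINE.match(line)
        if m and normalize(m.group(3)) == DISALLOWED:
            hits.append((m.group(1), m.group(2), m.group(4), m.group(3)))
    return hits

# Constructed sample lines (documentation IP ranges), not real traffic.
SAMPLE = [
    '192.0.2.10 - - [05/Sep/2021:10:00:01 +0000] "GET /dashboard.action HTTP/1.1" 200 5120',
    '198.51.100.7 - - [05/Sep/2021:10:00:02 +0000] "POST /pages/createpage-entervariables.action HTTP/1.1" 200 9321',
    '198.51.100.7 - - [05/Sep/2021:10:00:03 +0000] "POST /pages/CreatePage-EnterVariables.action?spaceKey=X HTTP/1.1" 200 9321',
    '203.0.113.5 - - [05/Sep/2021:10:00:04 +0000] "POST /pages/createpage%2Dentervariables.action;x=1 HTTP/1.1" 200 9321',
    '192.0.2.10 - - [05/Sep/2021:10:00:05 +0000] "GET /pages/createpage.action HTTP/1.1" 200 4100',
]

if __name__ == "__main__":
    for client, method, status, target in scan(SAMPLE):
        print(f"{client} {method} {status} {target}")
```

Run against the application server's own log rather than the WAF log, since a request the WAF blocked never reaches that log.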