Phu
Nov 27, 2020
Solved

BigIP ASM can't block Command Execution Attack

My BigIP device is running on v16.0.1. I set up an ASM Policy and mapped many Attack Signature Sets, including Command Execution. I tried to test with some test cases, such as: https://mydomain.com/...
  • Simon_Blakely
    Nov 29, 2020

    Those won't trigger the relevant signatures - you either need some sort of escape character (` ; etc) to break the string handling or use a full path (/bin/ls, /sbin/ls)

    https://mydomain.com/product?test=/bin/ls /var/log
    https://mydomain.com/product?test=/sbin/pwd
    https://mydomain.com/product?test=`tail /etc/passwd