For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

thekoreanguy's avatar
thekoreanguy
Icon for Altostratus rankAltostratus
Oct 25, 2024

Curious about the ASM Attack Signature Update

When I update signatures through ".im files", some signatures were often deleted. I thought the signatures to be deleted would be "risk : low" or "accuracy : low". But their risk, their accuracy, w...
security
Enes_Afsin_Al's avatar
Enes_Afsin_Al
Icon for MVP rankMVP
Oct 25, 2024

Hi thekoreanhuy,

Looking at the ASM Signatures Release Notes, I see that six signatures have been removed in the last year. There are signatures with the same name but different ids, except "cmmd" signatures.

ASM-AttackSignatures_20240814_183003:
Deleted Information Leakage signature 200009311 for WordPress User Meta Information Disclosure (2)

ASM-AttackSignatures_20240530_071654:
Deleted Predictable Resource Location signature 200010472 for Joomla! webservice endpoint unauthorized access

ASM-AttackSignatures_20240507_152613:
Deleted Command Execution signature 200003079 for "cmmd" execution attempt
Deleted Command Execution signature 200003199 for "cmmd" execution attempt (Header)
Deleted Command Execution signature 200003200 for "cmmd" execution attempt (URI)

ASM-AttackSignatures_20231122_200704:
Deleted Server Side Code Injection signature 200004163 for PHP injection attempt (passthru)