For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

Icon for Cirrostratus rank

Cirrostratus

Feb 04, 2021

CVE-2018-9126 - DotNetNuke DNNarticle Directory Traversal

Is there any signature for CVE-2018-9126 provided by F5 ? if yes , then what is the name of signature so that we can enforce it in ASM ?

ASM Advanced WAF

ASM ATTACK SIGNTURES

Icon for Admin rank

Admin

Feb 06, 2021

in lieu of a signature, this should be an easy block by adding a disallowed parameter as such:

CP=%2fweb.config

THE_BLUE
Cirrostratus
Feb 06, 2021
but is this mean there is no pre-defied signature from F5 ASM ?
if i have not add this parameter as disallowed, does ASM will pass the traffic with no block ?
- JRahm
  Admin
  Feb 06, 2021
  You can check your signatures to find out by following the guidance here: https://support.f5.com/csp/article/K45558510
  
  if there is a signature and you’ve applied it it should block. If there is no signature you will need to add a parameter to do so.

Help guide the future of your DevCentral Community!

What tools do you use to collaborate? (1min - anonymous)

F5 Academy at AppWorld 2026

DevCentral News

Introducing the F5 AI Assistant for BIG-IP

Technical Articles

Recent Discussions

Related Content

Under Attack? F5 Will Help You.
Contacting F5 Support?

DevCentral Quicklinks

* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com

Discover DevCentral Connects

* Podcasts
* Social Channels
* Video Streaming

GitHub Awesome-F5