For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

Allwyn_Mascaren's avatar
Allwyn_Mascaren
Icon for Cirrus rankCirrus
Mar 19, 2019

Disable buffer overflow in json parameters

Hi

In a file upload using api we allow the file name in base64 encoding.

However this triggers the 

Generic buffer overflow attempt 1
.

As of this post it seems signature at json parameter level cannot be disabled. https://devcentral.f5.com/questions/disable-attack-signature-on-particular-json-parametercomment77010

Has there been any change in this? I am using v12?

In my json content profile I do not see the buffer overflow sig at all on filtering with the name.

application delivery
ASM Advanced WAF
JSON
security

8 Replies

    • Allwyn_Mascaren's avatar
      Allwyn_Mascaren
      Icon for Cirrus rankCirrus
      Mar 19, 2019

      I tried, the thing is this box with the problem has not updated the ASM signatures.

      My lab device with v12 and updated ASM sig does not even have that 

      attempt 1
      buffer overflow sig anymore, but only 
      attempt 27 28
      and so on.

    • Lior_Rotkovtic1's avatar
      Lior_Rotkovtic1
      Historic F5 Account
      Mar 19, 2019

      not even here ? : Security ›› Options : Application Security : Attack Signatures : Attack Signature List

       

      also, try accepitng the request from the request log - where it got block. this should disable the signautre so that it will not block

       

    • Allwyn_Mascaren's avatar
      Allwyn_Mascaren
      Icon for Cirrus rankCirrus
      Mar 23, 2019

      This sig is fired for this one uri in one parameter in json request, the problem with disabling it is it will disable the sig everywhere globally right?

      And yes 

      Generic buffer overflow attempt 1
      is not even in the big sig list.

    • Allwyn_Mascaren's avatar
      Allwyn_Mascaren
      Icon for Cirrus rankCirrus
      Mar 19, 2019

      I tried, the thing is this box with the problem has not updated the ASM signatures.

      My lab device with v12 and updated ASM sig does not even have that 

      attempt 1
      buffer overflow sig anymore, but only 
      attempt 27 28
      and so on.

    • Lior_Rotkovitch's avatar
      Lior_Rotkovitch
      Icon for SIRT rankSIRT
      Mar 19, 2019

      not even here ? : Security ›› Options : Application Security : Attack Signatures : Attack Signature List

       

      also, try accepitng the request from the request log - where it got block. this should disable the signautre so that it will not block

       

    • Allwyn_Mascaren's avatar
      Allwyn_Mascaren
      Icon for Cirrus rankCirrus
      Mar 23, 2019

      This sig is fired for this one uri in one parameter in json request, the problem with disabling it is it will disable the sig everywhere globally right?

      And yes 

      Generic buffer overflow attempt 1
      is not even in the big sig list.