For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

Allwyn_Mascaren's avatar
Allwyn_Mascaren
Icon for Cirrus rankCirrus
Mar 19, 2019

Disable buffer overflow in json parameters

Hi In a file upload using api we allow the file name in base64 encoding. However this triggers the Generic buffer overflow attempt 1 . As of this post it seems signature at json parameter...
application delivery
ASM Advanced WAF
JSON
security
Lior_Rotkovtic1's avatar
Lior_Rotkovtic1
Historic F5 Account
Mar 19, 2019

try serach sig ID 200011000 in the "filter signatues by name or ID"

 

  • Allwyn_Mascaren's avatar
    Allwyn_Mascaren
    Icon for Cirrus rankCirrus
    Mar 19, 2019

    I tried, the thing is this box with the problem has not updated the ASM signatures.

    My lab device with v12 and updated ASM sig does not even have that 

    attempt 1
    buffer overflow sig anymore, but only 
    attempt 27 28
    and so on.

  • Lior_Rotkovtic1's avatar
    Lior_Rotkovtic1
    Historic F5 Account
    Mar 19, 2019

    not even here ? : Security ›› Options : Application Security : Attack Signatures : Attack Signature List

     

    also, try accepitng the request from the request log - where it got block. this should disable the signautre so that it will not block

     

  • Allwyn_Mascaren's avatar
    Allwyn_Mascaren
    Icon for Cirrus rankCirrus
    Mar 23, 2019

    This sig is fired for this one uri in one parameter in json request, the problem with disabling it is it will disable the sig everywhere globally right?

    And yes 

    Generic buffer overflow attempt 1
    is not even in the big sig list.