Does XPath Injection attack signature include XXE in ASM?

Question

In ASM, does XPath injection attack signature include XML External Entity attack? https://www.owasp.org/index.php/XML_External_Entity_%28XXE%29_Processing.&nbsp;
It is challenging because the attack signatures hyperlink popups a list of attack signatures, but there is no way to find out what exactly is included for each attack. How do we know if ASM is protecting or not?&nbsp;

tikka_nagi_1315 · Answer

ASM already covers the use of XML External Entities using signature 200018030.
You can test to be sure that ASM is protecting.&nbsp;

hussein_ghazy_3 · Answer

Hi Tikka&nbsp;
I tested the signature and it is NOT triggered! Any ideas?&nbsp;
Thanks and regards&nbsp;
Hussein&nbsp;

ashwin_venkat · Answer

To add to what Tikka suggested, we have Signature ID 200018030 as well as Signature ID 200018018 that should provide protection against the XML External Entity injection attack vector.&nbsp;

Forum Discussion

Does XPath Injection attack signature include XXE in ASM?

Recent Discussions

Which process is consuming higher CPU

F5 Health Monitor Receive String as JSON

Background Tasks

SSL bridging without SSL proxy forward

Big-IP VE edition for MacBook M4 Chip

Related Content

Mitigating JSON-based SQL injection with BIG-IP ASM / Advanced WAF Attack Signatures

WAF evasion techniques for Command Injection

AI Security : Prompt Injection and Insecure Output Handling.

BIG-IP syslog include

Serverside SNI injection iRule

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS