For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

Nguyen_Viet_Dun's avatar
Nguyen_Viet_Dun
Icon for Nimbostratus rankNimbostratus
Jul 18, 2018

F5 ASM Signature Could Not detect XSS Attack

We detect XSS Attack to Webserver. But F5 ASM could not detect with Eval command exectute   /AAAA?category=all&text=*/1:eval.call(0,atob(%27YWxlcnQoZG9jdW1lbnQuZG9tYWluKTs=%27))})//   /AAA?cate...
ASM Advanced WAF
security
suttonsc's avatar
suttonsc
Icon for Employee rankEmployee
Jan 25, 2019

Marking this as answered as the issue was raised as an SR with F5 Networks Support and addressed in a subsequent ASU release.

It is recommended to update the Attack Signatures on an ASM/Advanced WAF device when new releases come available for up to date protection and enhancements in detection methods.

From 13.1.0.4 ASM with updated Attack Signatures (Update: v13.1.0/ASM-SignatureFile_20190114_163855):

Detected Keyword    
text=*/1:eval.call(0,atob(YWxlcnQoZG9jdW1lbnQuZG9tYWluKTs=))})//
Attack Signature    
Signature ID
200001324

Signature Name
 eval() (Parameter)

Context Parameter (detected in Query String)
Parameter Level Global
Actual Parameter Name   text
Wildcard Parameter Name *
Parameter Value */1:eval.call(0,atob(YWxlcnQoZG9jdW1lbnQuZG9tYWluKTs=))})//