Forum Discussion

Nimbostratus

Apr 15, 2015

MS15-034

MS15-034 is a critical issue which we are looking at patching but we would like to apply an irule to filter for any exploit for our customers who haven't patched. There is no exploit yet but it'...

Nimbostratus

Apr 16, 2015

Hello,

The below is a recent article on this issue. It does not drop the request, it removes the Range header.

https://devcentral.f5.com/articles/using-irules-to-mitigate-microsofts-ms15-034-cve-2015-1635-range-vulnerability


 Name: stop_range_CVE-2015-1635
 Description: This iRule will remove the Range header when detecting large ranges in it.

when HTTP_REQUEST {
 remove Range requests for CVE-2015-1635 if the request uses large ranges
if { ([HTTP::header exists "Range"]) and ([HTTP::header "Range"] matches_regex {bytes\s*=.*([0-9]){10,}.*})}
{
HTTP::header remove Range
}
}

Help guide the future of your DevCentral Community!

What tools do you use to collaborate? (1min - anonymous)