
APM Sharepoint authentication v2

Problem this snippet solves: This new version of the iRule supports NTLM auth (mandatory for OneDrive apps). APM is a great authentication service, but it does it only with forms. The default behavior...
Published May 23, 2017
Version 1.0
application delivery
BIG-IP Access Policy Manager (APM)
irules
ms-ofba
sharepoint
stan_piron
Kai_Wilke
Mar 20, 2019

Hi Stanislas,

you may want to double check your lines 211, 212 and 343. They allow an attacker to perform a TCL-injection attack by sending handcrafted HOST header values.

Remote Code Execution with TMM crash:

Host: www.[while { 1 } { set x 1 }].de

Disclosure of your AES Recovery Key:

Host: www.[b64encode [subst [b64decode JHN0YXRpYzo6c2Vzc2lvbl9yZXN0b3JlX2Flc19rZXk=]]].de

Cheers, Kai
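
How a Host header value can end up being executed, as an added example that is not part of the comment above or of the CodeShare snippet: plain Tcl for `tclsh` showing double substitution beside single substitution and an allow-list check. The vulnerable shapes (`subst` and `eval` applied to a string that already contains the header value), the marker value and the helper name `host_is_valid` are assumptions, because the snippet's lines 211, 212 and 343 are not reproduced on this page; in an iRule the value would come from `[HTTP::host]`.

```tcl
# Added example: plain Tcl for tclsh, not code from the CodeShare snippet.
# Constructed Host value carrying a harmless marker command.
set host {www.[string toupper marker].de}

# Assumed vulnerable shapes (the snippet's own lines are not shown here):
# the parser substitutes $host once, then subst/eval parse the resulting
# string a second time and execute whatever sits inside the brackets.
set viaSubst [subst "https://$host/"]
eval "set viaEval $host"
puts "subst: $viaSubst"
puts "eval:  $viaEval"

# Single substitution: Tcl never re-scans the value of a variable, so the
# brackets stay literal text.
set literal "https://$host/"
puts "plain: $literal"

# If a script has to be built dynamically, build it with list so the
# header value stays one quoted word.
eval [list set viaList $host]
puts "list:  $viaList"

# Allow-list check (hypothetical helper): accept only a hostname with an
# optional port, and reject everything else before any other code sees it.
proc host_is_valid {h} {
    return [regexp {^[A-Za-z0-9]([A-Za-z0-9.-]*[A-Za-z0-9])?(:[0-9]+)?$} $h]
}
foreach candidate [list $host www.example.de www.example.de:8443] {
    puts "[host_is_valid $candidate] $candidate"
}
```

The first two `puts` lines show the marker command having run; the `plain` and `list` lines show the same value carried through as inert text.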
