APM Sharepoint authentication v2

Problem this snippet solves: This new version of irule supports NTLM auth (mandatory for Onedrive Apps) APM is a great authentication service but it does it only with forms. The default behavior...

Published May 23, 2017

Version 1.0

application delivery

BIG-IP Access Policy Manager (APM)

Cumulonimbus

Joined January 04, 2011

View Profile

Kai_Wilke

MVP

Mar 20, 2019

Hi Stanislas,

you may want to double check your lines 211, 212 and 343. They allow an attacker to perform a TCL-injection attack by sending handcrafted HOST header values.

Remote Code Execution with TMM crash:

Host: www.[while { 1 } { set x 1 }].de

Disclosure of your AES Recovery Key:

Host: www.[b64encode [subst [b64decode JHN0YXRpYzo6c2Vzc2lvbl9yZXN0b3JlX2Flc19rZXk=]]].de

Cheers, Kai

Help guide the future of your DevCentral Community!

What tools do you use to collaborate? (1min - anonymous)

APM Sharepoint authentication v2

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS