Sep 26, 2014
In doing some more testing, I believe I can further restrict my match pattern to "*()*{*;*}*". This should exclude almost all User-Agent strings, as I haven't found any with empty parentheses followed by curly braces. I also plan on including URI decoding in the URI and header checks to try to make sure someone isn't encoding the values. I haven't been able to recreate the vuln by passing in encoded characters, so I'm going to hold out on publishing that until I do. I would really like to hear of any false positives anyone finds with the original match pattern.
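The check described in the post above, sketched as an added example (not the poster's rule or code): the restricted pattern is applied as a glob to the URI and each header value, both raw and after repeated percent-decoding. The function names, the three-round decode cap and all sample values are assumptions constructed for illustration.

```python
from fnmatch import fnmatchcase
from urllib.parse import unquote

PATTERN = "*()*{*;*}*"   # restricted pattern quoted in the post
MAX_ROUNDS = 3           # assumption: cap on nested percent-encoding layers

def decode_fully(value, rounds=MAX_ROUNDS):
    """Percent-decode repeatedly until the value stops changing or the cap is hit."""
    for _ in range(rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

def is_suspicious(value):
    """Match the raw value and its decoded form, so encoding cannot hide the pattern."""
    return fnmatchcase(value, PATTERN) or fnmatchcase(decode_fully(value), PATTERN)

def scan_request(uri, headers):
    """Return the names of the request parts (URI or header names) that match."""
    hits = ["URI"] if is_suspicious(uri) else []
    hits += [name for name, value in headers.items() if is_suspicious(value)]
    return hits

# Constructed sample values, not captured traffic.
BENIGN_UA = ("Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 "
             "(KHTML, like Gecko) Chrome/37.0 Safari/537.36")
PLAIN = "() { :; }; echo probe"
ENCODED = "%28%29%20%7B%20%3A%3B%20%7D%3B%20echo%20probe"
DOUBLE = "%2528%2529%2520%257B%2520%253A%253B%2520%257D%253B%2520echo"
JS_REFERER = "http://example.com/?cb=function(){return;}"  # benign, yet it matches

if __name__ == "__main__":
    samples = [("benign UA", BENIGN_UA), ("plain", PLAIN), ("encoded", ENCODED),
               ("double-encoded", DOUBLE), ("JS in Referer", JS_REFERER)]
    for label, value in samples:
        raw = fnmatchcase(value, PATTERN)
        print(f"{label:15} raw={raw!s:5} with_decoding={is_suspicious(value)}")
```

The `JS_REFERER` sample is the kind of value worth checking for false positives: an inline JavaScript function in a query string satisfies the same pattern.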