Traffic Management User Interface Vulnerability: The Fix and Temporary Mitigation Options

If you want to use the Rest API to apply the specific mitigations from the article without using tmsh edit:

# curl -sk -u admin:password https://localhost/mgmt/tm/sys/httpd/ -X PATCH -H "Content-Type: application/json" -d '{"include": "<LocationMatch \\\".*\\\\.\\\\.;.*\\\">\nRedirect 404 /\n</LocationMatch>\n"}'

The following one-line bash script checks to see if the include already has the LocationMatch, preserves any existing include setting, and adds the K52145254 LocationMatch stanza.

if [ $(curl -sk -u admin:password https://localhost/mgmt/tm/sys/httpd/ | jq . -M | grep -c LocationMatch) -eq 0 ]; then new_include=$(echo '{"include":"'$(curl -sk -u admin:password https://localhost/mgmt/tm/sys/httpd/ | jq . -M | grep include | awk -F'^"|":|:"| "|",' '{print $4}')'\n<LocationMatch \\\".*\\\\.\\\\.;.*\\\">\nRedirect 404 /\n</LocationMatch>\n')'"}'; curl -sk -u admin:password https://localhost/mgmt/tm/sys/httpd/ -X PATCH -H "Content-Type: application/json" -d "$new_include"; fi

I'm sure someone will write this more elegantly in Python or somesuch, but it's a start.