Mitigate Apache strut2 vulnerability, cve-2017-5638
Published Mar 07, 2017
Version 1.0Was this article helpful?
Someone just reported that this irule causes a false positive when the Content-Type header includes a boundry string:
Content-Type: multipart/form-data; boundary=-------2c5ad0c0c449
Also note that the F5 ASM (WAF) has built-in signatures that mitigates this.