Gal_Goldshtein
F5 Employee

In recent days a critical vulnerability in the Spring Framework was published. The vulnerable component is Spring-Messaging, the Spring implementation of WebSockets; Spring-Messaging uses the STOMP messaging protocol as the subprotocol for WebSockets. The vulnerability allows attackers to run arbitrary code by sending a crafted STOMP WebSocket message. Proof-of-concept code exploiting this vulnerability is already publicly available.

Mitigating the vulnerability with BIG-IP ASM

BIG-IP ASM customers on BIG-IP versions greater than 12.1.0, which support WebSocket inspection, are already protected against this vulnerability. Exploitation attempts are detected by existing Java code injection attack signatures, which can be found in signature sets that include the “Server Side Code Injection” attack type or the “Java Servlets/JSP” system. In addition, operating system command execution signatures detect the attempt to execute operating system commands as the exploit payload.


Figure 1: Exploit blocked with attack signature 200003437.


Figure 2: Exploit blocked with attack signature 200003073.


Figure 3: Exploit blocked with attack signature 200002273.
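To make the detection described above concrete, here is an added example (not F5's code and not the ASM signatures shown in the figures): a minimal STOMP frame parser that decodes header escapes and then runs illustrative checks of the two signature families the article names, Java code injection and OS command execution, over constructed frames. The header name x-note and the regex patterns are assumptions for the example.

```python
import re

# Illustrative signature classes, constructed for this example (NOT the BIG-IP ASM
# signatures the article names), for the two families the article describes.
SIGNATURES = {
    "java-code-injection": re.compile(
        r"java\.lang\.(?:Runtime|ProcessBuilder)|getRuntime\s*\(|\.exec\s*\("),
    "os-command-execution": re.compile(
        r"""(?:^|[\s;|&`'"(])(?:/bin/(?:ba)?sh|cmd\.exe|id|whoami)\b"""),
}
_ESCAPES = {"\\n": "\n", "\\r": "\r", "\\c": ":", "\\\\": "\\"}

def unescape_header(value):
    # STOMP 1.1+ escapes ':' as \c; decode before matching so an encoded colon
    # cannot split a token the signature expects to see whole.
    return re.sub(r"\\[nrc\\]", lambda m: _ESCAPES[m.group(0)], value)

def parse_frame(raw):
    """Split a STOMP frame into (command, headers, body)."""
    raw = raw.replace("\r\n", "\n")           # STOMP allows an optional CR before LF
    head, sep, body = raw.partition("\n\n")   # a blank line ends the header block
    if not sep:
        raise ValueError("malformed STOMP frame: no header terminator")
    command, *header_lines = head.split("\n")
    headers = {}
    for line in header_lines:
        key, colon, value = line.partition(":")
        if not colon:
            raise ValueError(f"malformed header line: {line!r}")
        # STOMP 1.2: only the first occurrence of a repeated header is significant
        headers.setdefault(unescape_header(key), unescape_header(value))
    return command, headers, body.split("\x00", 1)[0]   # body ends at NUL

def inspect_frame(raw):
    """Return [(signature, location)] for every signature hit in a header or the body."""
    _, headers, body = parse_frame(raw)
    fields = [(f"header:{k}", v) for k, v in headers.items()] + [("body", body)]
    return [(name, loc) for loc, text in fields
            for name, pat in SIGNATURES.items() if pat.search(text)]

# Constructed frames, not captured traffic. The first carries Java code in a
# made-up header (x-note); the second is an ordinary SEND with a JSON body.
SUSPICIOUS_FRAME = ("SUBSCRIBE\nid:sub-0\ndestination:/topic/greetings\n"
                    'x-note:java.lang.Runtime.getRuntime().exec("id")\n\n\x00')
BENIGN_FRAME = ('SEND\ndestination:/app/hello\ncontent-type:application/json\n\n'
                '{"name":"alice"}\x00')

if __name__ == "__main__":
    for label, frame in (("suspicious", SUSPICIOUS_FRAME), ("benign", BENIGN_FRAME)):
        print(label, inspect_frame(frame))
```

Both signature families fire on the same header of the suspicious frame, which mirrors the article's point that the Java code injection and OS command execution signatures each catch the exploit independently.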

Version history
Last update: 08-Apr-2018 10:23