Traffic Management User Interface Vulnerability: The Fix and Temporary Mitigation Options
Published Jul 06, 2020
Version 1.0
If you want to use the REST API to apply the specific mitigations from the article without using tmsh edit:
# curl -sk -u admin:password https://localhost/mgmt/tm/sys/httpd/ -X PATCH -H "Content-Type: application/json" -d '{"include": "<LocationMatch \\\".*\\\\.\\\\.;.*\\\">\nRedirect 404 /\n</LocationMatch>\n"}'
The following one-line bash script checks to see if the include already has the LocationMatch, preserves any existing include setting, and adds the K52145254 LocationMatch stanza.
if [ $(curl -sk -u admin:password https://localhost/mgmt/tm/sys/httpd/ | jq . -M | grep -c LocationMatch) -eq 0 ]; then new_include=$(echo '{"include":"'$(curl -sk -u admin:password https://localhost/mgmt/tm/sys/httpd/ | jq . -M | grep include | awk -F'^"|":|:"| "|",' '{print $4}')'\n<LocationMatch \\\".*\\\\.\\\\.;.*\\\">\nRedirect 404 /\n</LocationMatch>\n')'"}'; curl -sk -u admin:password https://localhost/mgmt/tm/sys/httpd/ -X PATCH -H "Content-Type: application/json" -d "$new_include"; fi
I'm sure someone will write this more elegantly in Python or somesuch, but it's a start.
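The check-preserve-append step described above, as an added Python example that is not part of the original post: it parses the GET response as JSON instead of with grep/awk, so a multi-line or quoted existing include is preserved. The function name `build_patch_body` and the sample responses are hypothetical, and treating the string "none" as an unset include is an assumption.

```python
import json

# JSON body copied verbatim from the curl command above; decoding it gives the
# exact include text that command sends.
PAGE_BODY = r'{"include": "<LocationMatch \\\".*\\\\.\\\\.;.*\\\">\nRedirect 404 /\n</LocationMatch>\n"}'
STANZA = json.loads(PAGE_BODY)["include"]
MARKER = STANZA.splitlines()[0]  # the opening <LocationMatch ...> line


def build_patch_body(get_response_text):
    """Return the JSON PATCH body to send, or None if nothing needs changing.

    get_response_text is the raw body of GET /mgmt/tm/sys/httpd/.
    """
    current = json.loads(get_response_text).get("include") or ""
    # Assumption: an unset include may be reported as the literal "none".
    if current.strip() == "none":
        current = ""
    if MARKER in current:
        return None  # this exact stanza is already configured
    if current and not current.endswith("\n"):
        current += "\n"
    # json.dumps re-escapes quotes, backslashes and newlines, so a multi-line
    # existing include survives intact.
    return json.dumps({"include": current + STANZA})


# Constructed sample responses (not captured from a real device).
EXISTING = '<Location "/example">\nRequire all denied\n</Location>'
SAMPLE_UNSET = json.dumps({"authPamIdleTimeout": 1200, "include": "none"})
SAMPLE_EXISTING = json.dumps({"include": EXISTING})
SAMPLE_DONE = json.dumps({"include": EXISTING + "\n" + STANZA})

if __name__ == "__main__":
    for name, sample in [("unset", SAMPLE_UNSET),
                         ("existing", SAMPLE_EXISTING),
                         ("done", SAMPLE_DONE)]:
        print(name, "->", build_patch_body(sample))
```

The returned string is what would go in the `-d` argument of the PATCH request; unlike the grep test, an unrelated LocationMatch block in the existing include does not cause the stanza to be skipped.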