Help
Technical Forum
Ask questions. Discover Answers.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Technical Forum Quicklinks: No Replies | Active-Not Solved | Recent Solutions
Custom Alert Banner

F5 AppWorld 2024 session proposal deadline extended to Friday, December 8th!

Affected F5 devices from penetration testing | APM

RKRam
Nimbostratus
Nimbostratus

‎20-Oct-2021 19:41

We go below result from penetration test in F5 unit.

 

Issue: Insufficient Resource Validation. It is observed that we are able to inject "<" and ">" to the id_res parameter.

Resolution: It is advised to do data sanitization for characters "<" and ">".

 

Please note: our client only using APM module.

 

Please advise us to mitigate this vulnerability.

 

Thanks,

Ram

Labels:
0 Kudos
1 REPLY 1

Not applicable

‎21-Oct-2021 12:11 - last edited on ‎24-Mar-2022 01:24 by Fog

 Potential security issues like this are best handled directly by our official support teams.

I'm told the best thing to do is follow the instructions on this Knowledge Article on Support related to reporting suspected vulnerabilities.

https://support.f5.com/csp/article/K4602 - Reporting Suspected Vulnerabilities

 

F5 welcomes any reports of suspected vulnerabilities or other security concerns with F5 products.

If you are an F5 customer with an active support contract, please contact F5 Support.

If you are not an F5 customer, please send an email to f5sirt@f5.com. An engineer will contact you and will work with you to gather the necessary details to determine an appropriate course of action.

To send an encrypted message to F5, use this F5 Security Incident Response Team (SIRT) public PGP key, which is also available on multiple public key servers.+

 

Let me know if you are able to get the support you need that way.

Thanks for being part of our community!

0 Kudos
Copyright © 2023 Khoros, LLC