
Affected F5 devices from penetration testing | APM

RKRam
Nimbostratus

We got the below result from a penetration test on an F5 unit.

 

Issue: Insufficient Resource Validation. It is observed that we are able to inject "<" and ">" to the id_res parameter.

Resolution: It is advised to do data sanitization for characters "<" and ">".

 

Please note: our client is only using the APM module.

 

Please advise us on how to mitigate this vulnerability.

 

Thanks,

Ram

1 REPLY

Not applicable

Potential security issues like this are best handled directly by our official support teams.

I'm told the best thing to do is follow the instructions on this Knowledge Article on Support related to reporting suspected vulnerabilities.

https://support.f5.com/csp/article/K4602 - Reporting Suspected Vulnerabilities

 

F5 welcomes any reports of suspected vulnerabilities or other security concerns with F5 products.

If you are an F5 customer with an active support contract, please contact F5 Support.

If you are not an F5 customer, please send an email to f5sirt@f5.com. An engineer will contact you and will work with you to gather the necessary details to determine an appropriate course of action.

To send an encrypted message to F5, use this F5 Security Incident Response Team (SIRT) public PGP key, which is also available on multiple public key servers.

 

Let me know if you are able to get the support you need that way.

Thanks for being part of our community!