Technical Forum
Ask questions. Discover Answers.
Showing results for 
Search instead for 
Did you mean: 

CVE-2018-9126 - DotNetNuke DNNarticle Directory Traversal


Is there any signature for CVE-2018-9126 provided by F5 ?

if yes , then what is the name of signature so that we can enforce it in ASM ?


Community Manager
Community Manager

in lieu of a signature, this should be an easy block by adding a disallowed parameter as such:


but is this mean there is no pre-defied signature from F5 ASM ?

if i have not add this parameter as disallowed, does ASM will pass the traffic with no block ?

Community Manager
Community Manager

You can check your signatures to find out by following the guidance here:


if there is a signature and you’ve applied it it should block. If there is no signature you will need to add a parameter to do so.

F5 Employee
F5 Employee

We have added a dedicated signature on the last signature update that mitigates this vulnerability:


200007038 - DotNetNuke - GetCSS Arbitrary File Read


Also on a side note, the POC exploit for this vulnerability is matched by the following signature:


200000042 -  ASP.NET configuration file access (web.config) (Parameter)

I could not find this signature 200007038 - DotNetNuke - GetCSS Arbitrary File Read , how to install it?

follow the documentation on updating:


then check it in your ASM profile