04-Feb-2021 08:37
Is there any signature for CVE-2018-9126 provided by F5 ?
if yes , then what is the name of signature so that we can enforce it in ASM ?
06-Feb-2021 05:49 - last edited on 04-Jun-2023 21:03 by JimmyPackets
in lieu of a signature, this should be an easy block by adding a disallowed parameter as such:
CP=%2fweb.config
06-Feb-2021 08:05
but is this mean there is no pre-defied signature from F5 ASM ?
if i have not add this parameter as disallowed, does ASM will pass the traffic with no block ?
06-Feb-2021 10:05
You can check your signatures to find out by following the guidance here: https://support.f5.com/csp/article/K45558510
if there is a signature and you’ve applied it it should block. If there is no signature you will need to add a parameter to do so.
23-Feb-2021 03:52
We have added a dedicated signature on the last signature update that mitigates this vulnerability:
200007038 - DotNetNuke - GetCSS Arbitrary File Read
Also on a side note, the POC exploit for this vulnerability is matched by the following signature:
200000042 - ASP.NET configuration file access (web.config) (Parameter)
24-Feb-2021 20:57
I could not find this signature 200007038 - DotNetNuke - GetCSS Arbitrary File Read , how to install it?
27-Feb-2021 01:23
follow the documentation on updating: https://support.f5.com/csp/article/K8217
then check it in your ASM profile
or learn more...
