Does XPath Injection attack signature include XXE in ASM?

Question

In ASM, does XPath injection attack signature include XML External Entity attack? https://www.owasp.org/index.php/XML_External_Entity_%28XXE%29_Processing.&nbsp;
It is challenging because the attack signatures hyperlink popups a list of attack signatures, but there is no way to find out what exactly is included for each attack. How do we know if ASM is protecting or not?&nbsp;

tikka_nagi_1315 · Answer

ASM already covers the use of XML External Entities using signature 200018030.
You can test to be sure that ASM is protecting.&nbsp;

hussein_ghazy_3 · Answer

Hi Tikka&nbsp;
I tested the signature and it is NOT triggered! Any ideas?&nbsp;
Thanks and regards&nbsp;
Hussein&nbsp;

ashwin_venkat · Answer

To add to what Tikka suggested, we have Signature ID 200018030 as well as Signature ID 200018018 that should provide protection against the XML External Entity injection attack vector.&nbsp;

Forum Discussion

Does XPath Injection attack signature include XXE in ASM?

3 Replies

Recent Discussions

Import PKCS 12 SSL to Device Certificate via API/Script or CLI on BIG-IP

Help with URL Masking

F5 iRule to replace host to path

Chrome V 124+ on MacOS - Virtual Server Access Issue

F5 Rseries R2600 Tenant sizing

Related Content

Mitigating JSON-based SQL injection with BIG-IP ASM / Advanced WAF Attack Signatures

Serverside SNI injection iRule

Mitigating OWASP API Security Risk: Injection flaws using F5 XC Platform

Automation of OWASP Injection mitigation using F5 Distributed Cloud Platform

Support of WAF Signature Staging in F5 Distributed Cloud (XC)