Forum Discussion

tux143's avatar
tux143
Icon for Cirrus rankCirrus
Jul 10, 2020

TMUI RCE vulnerability CVE-2020-5902

I am trying to secure F5 from recent exploit. Reading here https://support.f5.com/csp/article/K52145254

 

Its setting up 404 Redirect to avoid that directory travel so question is do should i remove "include none" and replace that with following code? but following codes in very strange format so should i just copy paste them same way ?

 

include '
<LocationMatch ";">
Redirect 404 /
</LocationMatch>
<LocationMatch "hsqldb">
Redirect 404 /
</LocationMatch>
'

 

 

 

2 Replies

  • Yeah. Follow the same instructions which provided in article.

  • Subrun's avatar
    Subrun
    Icon for Cirrostratus rankCirrostratus

    In the existing file there if no previous INCLUDE entry it should have following line

     

    "include none" and make sure when you adding exact above same content you remove include none. Other wise you will have include word.