cancel
Showing results for 
Search instead for 
Did you mean: 

TMUI RCE vulnerability CVE-2020-5902

tux143
Altocumulus
Altocumulus

I am trying to secure F5 from recent exploit. Reading here https://support.f5.com/csp/article/K52145254

 

Its setting up 404 Redirect to avoid that directory travel so question is do should i remove "include none" and replace that with following code? but following codes in very strange format so should i just copy paste them same way ?

 

include ' <LocationMatch ";"> Redirect 404 / </LocationMatch> <LocationMatch "hsqldb"> Redirect 404 / </LocationMatch> '

 

 

 

2 REPLIES 2

Samir
Nacreous
Nacreous

Yeah. Follow the same instructions which provided in article.

Subrun
Cirrostratus
Cirrostratus

In the existing file there if no previous INCLUDE entry it should have following line

 

"include none" and make sure when you adding exact above same content you remove include none. Other wise you will have include word.