CVE-2021-22984

On BIG-IP Advanced WAF and ASM version 15.1.x before 15.1.0.2, 15.0.x before 15.0.1.4, 14.1.x before 14.1.2.5, 13.1.x before 13.1.3.4, 12.1.x before 12.1.5.2, and 11.6.x before 11.6.5.2, when receiving a unauthenticated client request with a maliciously crafted URI, a BIG-IP Advanced WAF or ASM...

CVE-2025-58474

When BIG-IP Advanced WAF is configured on a virtual server with Server-Side Request Forgery SSRF protection or when an NGINX server is configured with App Protect Bot Defense, undisclosed requests can disrupt new client requests. Note: Software versions which have reached End of Technical Support...

EUVD-2025-34654

When BIG-IP Advanced WAF is configured on a virtual server with Server-Side Request Forgery SSRF protection or when an NGINX server is configured with App Protect Bot Defense, undisclosed requests can disrupt new client requests. Note: Software versions which have reached End of Technical Support...

CVE-2025-58474

When BIG-IP Advanced WAF is configured on a virtual server with Server-Side Request Forgery SSRF protection or when an NGINX server is configured with App Protect Bot Defense, undisclosed requests can disrupt new client requests. Note: Software versions which have reached End of Technical Support...

CVE-2025-58474

CVE-2025-58474 affects BIG-IP BIG-IP Advanced WAF/ASM and NGINX App Protect DNS lookup vulnerability. When BIG-IP Advanced WAF is on a virtual server with SSRF protection or NGINX App Protect Bot Defense is used, undisclosed requests can disrupt new client requests, enabling potential DoS on the ...

F5 Networks BIG-IP : BIG-IP Advanced WAF and ASM and NGINX App Protect DNS lookup vulnerability (K000148512)

The version of F5 Networks BIG-IP installed on the remote host is prior to 17.1.2 / 17.5.0. It is, therefore, affected by a vulnerability as referenced in the K000148512 advisory. When BIG-IP Advanced WAF is configured on a virtual server with Server-Side Request Forgery SSRF protection or when a...

EUVD-2021-10102

Malware in sbrugna...

EUVD-2024-21258

Malicious code in bioql PyPI...

Agentic AI Is Here — and It’s Shaping the Future of Bot Defense

...

CVE-2024-23805

Undisclosed requests can cause the Traffic Management Microkernel TMM to terminate. For the Application Visibility and Reporting module, this may occur when the HTTP Analytics profile with URLs enabled under Collected Entities is configured on a virtual server and the DB variables...

CVE-2024-23805

Undisclosed requests can cause the Traffic Management Microkernel TMM to terminate. For the Application Visibility and Reporting module, this may occur when the HTTP Analytics profile with URLs enabled under Collected Entities is configured on a virtual server and the DB variables...

Default configuration

Undisclosed requests can cause the Traffic Management Microkernel TMM to terminate. For the Application Visibility and Reporting module, this may occur when the HTTP Analytics profile with URLs enabled under Collected Entities is configured on a virtual server and the DB variables...

CVE-2024-23805 F5 Application Visibility and Reporting module and BIG-IP Advanced WAF/ASM vulnerability

Undisclosed requests can cause the Traffic Management Microkernel TMM to terminate. For the Application Visibility and Reporting module, this may occur when the HTTP Analytics profile with URLs enabled under Collected Entities is configured on a virtual server and the DB variables...

CVE-2024-23805

Summary (CVE-2024-23805) : This vulnerability affects F5 BIG-IP products, notably the Application Visibility and Reporting module and BIG-IP Advanced WAF/ASM. It arises when an HTTP Analytics profile with URLs enabled is configured on a virtual server and the database variables avr.IncludeServerI...

CVE-2024-23805 F5 Application Visibility and Reporting module and BIG-IP Advanced WAF/ASM vulnerability

Undisclosed requests can cause the Traffic Management Microkernel TMM to terminate. For the Application Visibility and Reporting module, this may occur when the HTTP Analytics profile with URLs enabled under Collected Entities is configured on a virtual server and the DB variables...

K000137334: F5 Application Visibility and Reporting module and BIG-IP Advanced WAF/ASM vulnerability CVE-2024-23805

Security Advisory Description Undisclosed requests can cause the Traffic Management Microkernel TMM to terminate. For the Application Visibility and Reporting module, this may occur when the HTTP Analytics profile with URLs enabled under Collected Entities is configured on a virtual server and th...

F5 Networks BIG-IP : F5 Application Visibility and Reporting module and BIG-IP Advanced WAF/ASM vulnerability (K000137334)

The version of F5 Networks BIG-IP installed on the remote host is prior to 15.1.10 / 16.1.4 / 17.1.1. It is, therefore, affected by a vulnerability as referenced in the K000137334 advisory. - Undisclosed requests can cause the Traffic Management Microkernel TMM to terminate. For the Application...

What Else Can You Do to Defend Against Bots?

...

K38157961: BIG-IP ASM Bot Defense may fail to block malicious requests when both the Bot Defense profile and DoS profile are associated with a virtual server

Security Advisory Description The BIG-IP ASM Bot Defense profile may unexpectedly fail to block malicious requests. This issue occurs when the following condition is met: The affected virtual server is associated with the following: A security policy A DoS profile configured with either TPS-based...

K33440533: BIG-IP ASM Bot Defense open redirection vulnerability CVE-2021-22984

Security Advisory Description When receiving a unauthenticated client request with a maliciously crafted URI, a BIG-IP Advanced WAF or ASM virtual server configured with a DoS profile with Proactive Bot Defense versions prior to 14.1.0, or a Bot Defense profile versions 14.1.0 and later, may...