EUVD-2009-0594

Malware in sbrugna...

EUVD-2015-0852

Malware in sbrugna...

EUVD-2022-45003

Malicious code in bioql PyPI...

K000138898: BIG-IP Advanced WAF/ASM, BIG-IP Next WAF, and NGINX App Protect WAF attack signature check failure

Security Advisory Description BIG-IP Advanced WAF/ASM, BIG-IP Next WAF, or NGINX App Protect WAF may fail to match an attack signature. This issue occurs when all of the following conditions are met: The affected security policy has a large number of attack signatures enabled for example, all or...

K000135944: Attack signature check security exposure

Security Advisory Description BIG-IP Advanced WAF, BIG-IP ASM, and NGINX App Protect systems incorrectly handle certain requests. This issue occurs when the following condition is met: BIG-IP Advanced WAF, BIG-IP ASM, and NGINX App Protect handle a crafted request with the parameter value. Impact...

K30150004: The attack signature check may fail to detect and block malicious requests

Security Advisory Description The web application firewall attack signature check may fail to detect and block malicious request containing certain decimal-coded characters. This issue occurs when all of the following conditions are met: You are using one of the following web application firewall...

K53593534: BIG-IP ASM and F5 Advanced WAF attack signature check failure on certain HTTP requests

Security Advisory Description The BIG-IP ASM and F5 Advanced Web Application Firewall Advanced WAF attack signature check may fail to detect and block certain HTTP requests. Impact The attack signature check fails to detect and block such requests, as expected of a security policy. Symptoms As a...

K30911244: Advanced WAF, BIG-IP ASM, and NGINX App Protect attack signature check failure

Security Advisory Description The F5 Advanced Web Application Firewall Advanced WAF, BIG-IP ASM, and NGINX App Protect attack signature check may fail to detect and block certain HTTP requests when some signatures are disabled on the security policy and wildcard header. Impact The attack signatur...

K67397230: BIG-IP ASM, F5 Advanced WAF, and NGINX App Protect normalizing security exposure

Security Advisory Description The BIG-IP ASM, F5 Advanced Web Application Firewall Advanced WAF, and NGINX App Protect systems incorrectly normalize undisclosed strings. Impact The attack signature check fails to detect and block such requests, as expected of a security policy. Symptoms As a resu...

K49237345: BIG-IP Advanced WAF, ASM, and NGINX App Protect WAF XML encoding security exposure

Security Advisory Description F5 BIG-IP Advanced WAF, BIG-IP ASM, or NGINX App Protect WAF incorrectly handles certain requests. This issue occurs when the following condition is met: Advanced WAF, BIG-IP ASM, or NGINX App Protect WAF handles a malicious request with XML content type and XML...

K94142349: BIG-IP Advanced WAF and ASM WebSocket security exposure

Security Advisory Description BIG-IP Advanced WAF and ASM incorrectly handle certain WebSocket requests. This issue occurs when the following condition is met: BIG-IP Advanced WAF or ASM handles a malicious WebSocket message. Impact The attack signature check fails to detect and block requests, a...

K41503304: Advanced WAF, BIG-IP ASM, and NGINX App Protect attack signature bypass security exposure

Security Advisory Description The F5 Advanced Web Application Firewall Advanced WAF, BIG-IP ASM, and NGINX App Protect systems attack signature check may fail to match attack signature 200000128, as expected, for certain undisclosed requests. This issue occurs when all of the following conditions...

K05391775: The BIG-IP ASM system may not properly perform attack signature checks

Security Advisory Description The BIG-IP ASM system may not properly perform attack signature checks on request and response content. This issue occurs when all of the following conditions are met: Your system is running BIG-IP 13.1.x. BIG-IP systems running 14.1.x and later are not affected. A...

K30291321: The attack signature check may fail to detect and block illegal requests for a case-insensitive policy

Security Advisory Description The web application firewall attack signature check may fail to detect and block illegal requests. This issue occurs when all of the following conditions are met: You are using one of the following web application firewall products: Advanced WAF or BIG-IP ASM 11.6.0 ...

CVE-2022-41836

When an 'Attack Signature False Positive Mode' enabled security policy is configured on a virtual server, undisclosed requests can cause the bd process to terminate...

CVE-2022-41836

When an 'Attack Signature False Positive Mode' enabled security policy is configured on a virtual server, undisclosed requests can cause the bd process to terminate...

Code injection

When an 'Attack Signature False Positive Mode' enabled security policy is configured on a virtual server, undisclosed requests can cause the bd process to terminate...

CVE-2022-41836

CVE-2022-41836 is a vulnerability in BIG-IP Advanced WAF and ASM where, if a security policy uses the Attack Signature False Positive Mode, undisclosed requests can cause the bd process to terminate, enabling a network DoS. The advisory (K47204506) lists vulnerable branches and fixes: BIG-IP 17.x...

F5 BIG-IP 输入验证错误漏洞

F5 BIG-IP is an application delivery platform from F5 Corporation that integrates network traffic management, application security management, load balancing and other features. The F5 BIG-IP suffers from an input validation error vulnerability that originates from an undisclosed request that cou...

F5 Networks BIG-IP : BIG-IP Advanced WAF and ASM bd vulnerability (K47204506)

The version of F5 Networks BIG-IP installed on the remote host is prior to 15.1.7 / 16.1.3.1 / 17.0.0.1 / 17.1.0. It is, therefore, affected by a vulnerability as referenced in the K47204506 advisory. - When an 'Attack Signature False Positive Mode' enabled security policy is configured on a...