10 matches found
EUVD-2022-28142
Malicious code in bioql PyPI...
K80945213: BIG-IP ASM and F5 Advanced WAF attack signature check failure security exposure
Security Advisory Description A BIG-IP ASM and F5 Advanced Web Application Firewall Advanced WAF attack signature check may fail to detect and block certain GET requests when cross-site request forgery CSRF protection is enabled. Impact Attackers may be able to bypass BIG-IP ASM and Advanced WAF...
K61112120: BIG-IP ASM and Advanced WAF TMUI vulnerability CVE-2022-23031
Security Advisory Description An XML External Entity XXE vulnerability exists in an undisclosed page of the F5 Advanced Web Application Firewall Advanced WAF and BIG-IP ASM Traffic Management User Interface TMUI, also referred to as the Configuration utility, that allows an authenticated...
K53593534: BIG-IP ASM and F5 Advanced WAF attack signature check failure on certain HTTP requests
Security Advisory Description The BIG-IP ASM and F5 Advanced Web Application Firewall Advanced WAF attack signature check may fail to detect and block certain HTTP requests. Impact The attack signature check fails to detect and block such requests, as expected of a security policy. Symptoms As a...
K67397230: BIG-IP ASM, F5 Advanced WAF, and NGINX App Protect normalizing security exposure
Security Advisory Description The BIG-IP ASM, F5 Advanced Web Application Firewall Advanced WAF, and NGINX App Protect systems incorrectly normalize undisclosed strings. Impact The attack signature check fails to detect and block such requests, as expected of a security policy. Symptoms As a resu...
K70134152: BIG-IP ASM, F5 Advanced WAF, and NGINX App Protect encoded directory traversal security exposure
Security Advisory Description The BIG-IP ASM, F5 Advanced Web Application Firewall Advanced WAF, and NGINX App Protect systems may fail to detect encoded directory traversal in the URL. This issue occurs when the following condition is met: The affected security policy is enabled with an evasion...
K39002226: F5 Advanced WAF and BIG-IP ASM multipart request security exposure
Security Advisory Description Under certain conditions, the F5 Advanced Web Application Firewall Advanced WAF and BIG-IP ASM systems may not correctly detect attack signatures. This issue occurs when the following condition is met: The Advanced WAF or BIG-IP ASM received a client request containi...
CVE-2022-23031
On BIG-IP FPS, ASM, and Advanced WAF versions 16.1.x before 16.1.1, 15.1.x before 15.1.4, and 14.1.x before 14.1.4.4, an XML External Entity XXE vulnerability exists in an undisclosed page of the F5 Advanced Web Application Firewall Advanced WAF and BIG-IP ASM Traffic Management User Interface...
CVE-2022-23031
On BIG-IP FPS, ASM, and Advanced WAF versions 16.1.x before 16.1.1, 15.1.x before 15.1.4, and 14.1.x before 14.1.4.4, an XML External Entity XXE vulnerability exists in an undisclosed page of the F5 Advanced Web Application Firewall Advanced WAF and BIG-IP ASM Traffic Management User Interface...
CVE-2021-23028
On version 16.0.x before 16.0.1.2, 15.1.x before 15.1.3.1, 14.1.x before 14.1.4.2, and 13.1.x before 13.1.4, when JSON content profiles are configured for URLs as part of an F5 Advanced Web Application Firewall WAF/BIG-IP ASM security policy and applied to a virtual server, undisclosed requests m...