Learn F5 Technologies, Get Answers & Share Community Solutions Join DevCentral

Filter by:
  • Solution
  • Technology
Answers

Does XPath Injection attack signature include XXE in ASM?

In ASM, does XPath injection attack signature include XML External Entity attack? https://www.owasp.org/index.php/XML_External_Entity_%28XXE%29_Processing.

It is challenging because the attack signatures hyperlink popups a list of attack signatures, but there is no way to find out what exactly is included for each attack. How do we know if ASM is protecting or not?

0
Rate this Question

Answers to this Question

placeholder+image
USER ACCEPTED ANSWER & F5 ACCEPTED ANSWER

ASM already covers the use of XML External Entities using signature 200018030. You can test to be sure that ASM is protecting.

0
Comments on this Answer
Comment made 4 months ago by Hussein Ghazy 270

Hi Tikka

I tested the signature and it is NOT triggered! Any ideas?

Thanks and regards

Hussein

0
placeholder+image
USER ACCEPTED ANSWER & F5 ACCEPTED ANSWER

To add to what Tikka suggested, we have Signature ID 200018030 as well as Signature ID 200018018 that should provide protection against the XML External Entity injection attack vector.

0