asm capabilities encoded request

Question

Hi
&nbsp;i m doing Xss attack to the ASM with

hooleylist · Answer

Hi Zafer, 
&nbsp;  
&nbsp; ASM doesn't currently provide an option to base64 decode request components.  But most web servers won't do this either so it's not a problem.  If the web application does base64 decode whatever request component you're putting the base64 encoded attack string in, then you'd have a potential issue.   
&nbsp;  
&nbsp; What kind of app are you testing? 
&nbsp;  
&nbsp; Aaron

zafer_101134 · Answer

Hi hoolio&nbsp;
&nbsp;the customer use apache tomcat.
&nbsp;We tested several attack methods to the ASM and i can't find how to block encoded request based on hex and base64&nbsp;
&nbsp;regards
&nbsp;zafer&nbsp;&nbsp;

Forum Discussion

asm capabilities encoded request

2 Replies

Recent Discussions

Issue on license renewal

Maximum throughput of f5 ltm

iRule cookie persistence and pool redirect

redirect not working

Access azure app service using f5 LTM

Related Content

F5 TIC3.0 Capability Mappings

BIGIP VE maximum connections capability

Exploring BIG-IP VE capabilities on HPE ProLiant DL365 Gen10 Plus servers - Part 1 of 2

Exploring BIG-IP VE capabilities on HPE ProLiant DL365 Gen10 Plus servers - Part 2 of 2

Logging DNS Requests