Forum Discussion
2 Replies
- nathe (Cirrocumulus)
bdy,
I don't know the specifics of this vulnerability, but it looks like parameter tampering. If so, the ASM can indeed protect against this. You can define Parameters and then, for example, configure what values are allowed, e.g. integers, digits, alphanumeric, etc., or allow/disallow specific meta-characters.
This should help mitigate this vulnerability, I hope.
N
- spud_141786 (Nimbostratus)
Nir Zigler has a good write-up here: https://devcentral.f5.com/articles/apache-struts-classloader-manipulation-vulnerabilities
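
The parameter allowlisting described in the first reply, modelled as an added Python example (not from the thread, and not F5 ASM configuration or code). The policy entries, value type names and sample query strings are constructed assumptions, and the example goes slightly beyond the reply by also rejecting undeclared and repeated parameter names.

```python
import re
from urllib.parse import parse_qsl

# Hypothetical value types, modelled on the ones named in the reply.
VALUE_TYPES = {
    "integer": re.compile(r"-?\d+"),
    "digits": re.compile(r"\d+"),
    "alphanumeric": re.compile(r"[A-Za-z0-9]+"),
    "text": re.compile(r".*", re.S),
}

# Constructed policy: every parameter the application accepts is declared
# with a value type, a maximum length and its disallowed meta-characters.
POLICY = {
    "id": {"type": "integer", "max_len": 10, "deny_chars": ""},
    "zip": {"type": "digits", "max_len": 5, "deny_chars": ""},
    "user": {"type": "alphanumeric", "max_len": 32, "deny_chars": ""},
    "comment": {"type": "text", "max_len": 200, "deny_chars": "<>'\";()[]{}$%"},
}


def check_request(query_string, policy=POLICY):
    """Return a list of (parameter, reason) violations; empty means allowed."""
    violations = []
    seen = set()
    for name, value in parse_qsl(query_string, keep_blank_values=True):
        rule = policy.get(name)
        if rule is None:
            # Positive security model: undeclared names are rejected outright.
            violations.append((name, "parameter not defined in policy"))
            continue
        if name in seen:
            violations.append((name, "parameter repeated"))
        seen.add(name)
        if len(value) > rule["max_len"]:
            violations.append((name, "value too long"))
        if not VALUE_TYPES[rule["type"]].fullmatch(value):
            violations.append((name, f"value is not {rule['type']}"))
        bad = sorted(set(value) & set(rule["deny_chars"]))
        if bad:
            violations.append((name, "disallowed meta-characters: " + "".join(bad)))
    return violations
```

Validation runs on the URL-decoded value, so encoded meta-characters are caught as well as literal ones.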