ASM mitigation for vulnerability in Apache Struts

Question

Does anyone know if ASM provides, or can provide, mitigation for this DOS vulnerability in Apache Struts?&nbsp;
https://threatpost.com/apache-warns-of-faulty-zero-day-patch-for-struts/105691&nbsp;
thanks!&nbsp;

nathe · Answer

bdy,&nbsp;
I don't know the specifics of this vulnerability but it looks like parameter tampering. If so the ASM can indeed protect on this. You can define Parameters and then, for example, configure what values are allowed, e.g. integers, digits, alphanumeric etc, or allow/disallow specific meta-characters.&nbsp;
This should help mitigate this vulnerability I hope.&nbsp;
N&nbsp;

spud_141786 · Answer

Nir Zigler has a good write up here: 
https://devcentral.f5.com/articles/apache-struts-classloader-manipulation-vulnerabilities&nbsp;

Forum Discussion

ASM mitigation for vulnerability in Apache Struts

2 Replies

Recent Discussions

import live updates from version x to version y

Tenant image upgrade

iRule editor partition button does not work

F5Access | MacOS Sonoma

Overwriting or adding LTM SSL Traffic cert and key using iControlREST

Related Content

Mitigate Apache strut2 vulnerability, cve-2017-5638

Apache Log4j2 (CVE-2021-44228) mitigation iApp

Re: Mitigation of OWASP API6: 2019 Mass Assignment vulnerability using F5 Distributed Cloud Platform

Apache Airflow Unsafe API Endpoint

Vulnerability Mitigation