cjunior_138458
May 08, 2017

A way to mitigate CVE-2017-8295

Hello experts, I may be wrong in my approach, but I'm trying to mitigate CVE-2017-8295 by forcing the request to a known fixed host name, (e.g. ). So when another requested host reaches my virtual server, it will be blocked, preventing the attacker from receiving the password reset of the admin user in their fake domain (Return-Path).

The problem is that I am not able to do this with ASM, so when I'm trying to force that hostname into the list of known host names (Application Security > Headers > Host Names).

Is there any right way to do this? Because the ASM policy is ignoring the fake test host name even when I try to block everything related to host names (CSRF, redirection protection, etc). (Yes, the ASM isn't staging for all objects and is in blocking mode)

Any idea? I'll appreciate it.

Regards.

1 Reply

  • nathe

    cjunior,

    I don't believe this Host Header configuration object works as you believe it should, rather it is a way of telling certain protections of internal/external host names.

    Anyway, another option is to create a custom attack signature perhaps? You would want to use the headercontent value to not match the actual host address.

    Something like this should work:

    headercontent:"Host"; nocase; re2:!"/www.example.com/"; nocase;

    See if this helps,

    N
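
Added example, not part of either post and not F5 or WordPress code: a Python model of the Host check discussed in this thread, comparing the unanchored pattern from the reply with an anchored pattern and an exact allowlist. Assumptions: Python's `re` stands in for the signature's regex engine, the negated match is modelled as "fire when the pattern does not match", only the Host value is inspected, and the sample hosts are constructed.

```python
import re

ALLOWED_HOSTS = {"www.example.com"}  # hostname taken from the reply's signature

# Pattern as written in the reply: unanchored, dots match any character.
LOOSE = re.compile(r"www.example.com", re.IGNORECASE)
# Tightened form: anchored, dots escaped, optional numeric port.
STRICT = re.compile(r"^www\.example\.com(:\d{1,5})?$", re.IGNORECASE)


def normalize_host(raw):
    """Return the lower-cased hostname without port, or None if malformed."""
    host = raw.strip().lower()
    if not host or any(c in host for c in " \t,/@\\"):
        return None
    name, sep, port = host.partition(":")
    if sep and not port.isdigit():
        return None  # also rejects IPv6 literals, which this sketch does not allow
    return name or None


def should_block(raw_host):
    """Exact allowlist decision: block anything that is not a known host."""
    host = normalize_host(raw_host)
    return host is None or host not in ALLOWED_HOSTS


def signature_fires(pattern, raw_host):
    """Model of the negated match: fire when the pattern does NOT match."""
    return pattern.search(raw_host) is None


# Constructed Host header values for the comparison.
SAMPLES = ["www.example.com", "WWW.Example.com:443",
           "www.example.com.attacker.test", "wwwXexample.com",
           "attacker.test", ""]


def compare(samples=SAMPLES):
    """Return (host, loose_fires, strict_fires, allowlist_blocks) per sample."""
    return [(h, signature_fires(LOOSE, h), signature_fires(STRICT, h),
             should_block(h)) for h in samples]


if __name__ == "__main__":
    for row in compare():
        print("%-32r loose=%-5s strict=%-5s allowlist=%s" % row)
```

A host that merely contains the expected name does not trigger the unanchored pattern, while the anchored pattern and the exact allowlist both reject it.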