Forum Discussion

Muhannad
Jul 30, 2019

An Application ASP.Net vulnerability.

Dear Experts,


I need help in the following issue for one of our clients: it seems that some of the web servers are infected with the CVE-2017-9248 vulnerability, which allows hackers to remotely attack and defeat cryptographic protection, leading to arbitrary file uploads or downloads, XSS, or ASP.NET ViewState compromise.

It seems this was done via Telerik.Web.UI.WebResource.axd, where the attacker was able to compromise the website and upload some webshells and files.


I am searching for a way to stop this exploit from ASM with no luck; I would appreciate any support regarding it.


Regards,

Muhannad

2 Replies

  • JG

    It is a cryptographic weakness inherent in the application. Telerik's solution is either to patch/upgrade or disable certain functionality (a handler) within the application (See: https://www.telerik.com/support/kb/aspnet-ajax/details/cryptographic-weakness).


    It seems that neither could be done in your situation from the fact that you were asked to provide a solution on F5.


    One way of mitigating the situation is to enforce user authentication for the application on the F5, preferably with the use of APM. That way you would have a way of controlling the access at least.
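    As an added illustration that is not part of this thread and not vendor code: when the application cannot be patched and the handler cannot be removed on the server, the request path named in the question can at least be intercepted at the virtual server with an LTM iRule, which is the layer below the ASM policy the question asks about. The iRule below matches the handler path case-insensitively (the path name is what the page identifies; the log message and the 403 body are my own choices) and either logs or blocks the request. Starting in log-only mode is deliberate: Telerik.Web.UI.WebResource.axd also serves legitimate embedded scripts and styles for Telerik controls, so an outright block must be confirmed against normal application traffic before being turned on.

```tcl
# Added example iRule (not from the thread or from Telerik/F5 documentation).
# Attach to the HTTP virtual server in front of the affected ASP.NET site.
# Set block_mode to 1 only after the log-only run shows no legitimate hits.
when RULE_INIT {
    set static::telerik_block_mode 0
}

when HTTP_REQUEST {
    # Normalise the path once so that case variations cannot slip past the match.
    set path [string tolower [HTTP::path]]

    # Handler named in the original post as the entry point of the compromise.
    if { $path ends_with "telerik.web.ui.webresource.axd" } {
        log local0. "Telerik handler request: client=[IP::client_addr] host=[HTTP::host] uri=[HTTP::uri] mode=[expr {$static::telerik_block_mode ? "block" : "log"}]"

        if { $static::telerik_block_mode } {
            # Short-circuit the request before it reaches the pool members.
            HTTP::respond 403 content "Forbidden" "Content-Type" "text/plain" "Connection" "close"
            return
        }
    }
}
```

    Once access logs show only the expected legitimate callers of the handler, an ASM policy can carry the same restriction as an explicit disallowed URL, and the APM authentication JG recommends then limits who can reach the handler at all rather than relying on path matching alone.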