Forum Discussion

Nimbostratus

Jul 18, 2018

F5 ASM Signature Could Not detect XSS Attack

We detect XSS Attack to Webserver. But F5 ASM could not detect with Eval command exectute /AAAA?category=all&text=*/1:eval.call(0,atob(%27YWxlcnQoZG9jdW1lbnQuZG9tYWluKTs=%27))})// /AAA?cate...

ASM Advanced WAF

security

suttonsc

Employee

Jan 25, 2019

Marking this as answered as the issue was raised as an SR with F5 Networks Support and addressed in a subsequent ASU release.

It is recommended to update the Attack Signatures on an ASM/Advanced WAF device when new releases come available for up to date protection and enhancements in detection methods.

From 13.1.0.4 ASM with updated Attack Signatures (Update: v13.1.0/ASM-SignatureFile_20190114_163855):

Detected Keyword    
text=*/1:eval.call(0,atob(YWxlcnQoZG9jdW1lbnQuZG9tYWluKTs=))})//
Attack Signature    
Signature ID
200001324

Signature Name
 eval() (Parameter)

Context Parameter (detected in Query String)
Parameter Level Global
Actual Parameter Name   text
Wildcard Parameter Name *
Parameter Value */1:eval.call(0,atob(YWxlcnQoZG9jdW1lbnQuZG9tYWluKTs=))})//

Forum Discussion

F5 ASM Signature Could Not detect XSS Attack

Recent Discussions

Disk space full - what files, folders are safe to delete?

ASM instance creation

BIG-IP DNS: Check Status Of Multiple Monitors Against Pool Member

Open Redirection Mitigation

F5Access | MacOS Sonoma

Related Content

Mitigating JSON-based SQL injection with BIG-IP ASM / Advanced WAF Attack Signatures

Wildcard Parameter signature attack

Live Update- ASM attack signatures

Default Attack Signature Sets

The HTTP/2 CONTINUATION frame attack