Forum Discussion

Cirrocumulus

Nov 15, 2016

Scan Failure - Redhat JBoss Enterprise

We have an applications that use this piece of software for their application. We just had a vulnerability scan run against it and it came back with the below information. The solution says to upgr...

Cirrus

Nov 16, 2016

Hi Shann, I'm not really expert in this type of attacs. Reading documentation (https://www.owasp.org/index.php/Clickjacking_Defense_Cheat_Sheet) I see that X-Frame-Options HTTP header can be used to protect from CVE-2015-5178. Generally speaking, I think that it is possible to insert this HEADER by an iRule in the HTTP_RESPOND event. In this way you would supply to the missing header insertion. Regarding CVE-2015-5220, you can create a iRule that in HTTP_REQUEST event, count the number of HTTP header in the request and reject the request if this number is larger than a specific limit.

Hope this can help.

regards

Leonardo

Forum Discussion

Scan Failure - Redhat JBoss Enterprise

Recent Discussions

Server 2 causing application slowness

F5Access | MacOS Sonoma

AS3 Deployments (shared objects)

Inquiry on F5's Maintenance Mode Feature for Pool Members

Ansible modules for F5OS

Related Content

Scaling BIG-IP With ECMP and RedHat Ansible

Running F5 with managed Azure RedHat OpenShift

Monitoring Failure OAuth request

F5 SLEDFest 2022 Tallahassee Edition - Enterprise Application Strategy presentation

Mitigating OWASP Web Application Risk: Security Logging & Monitoring Failures using F5 XC Platform