For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Shellshock mitigation with BIG-IP iRules

Yesterday, NIST released information on a new network exploitable vulnerability in the GNU Bash shell as demonstrated by vectors involving parts of OpenSSH sshd, the mod_cgi, and mod_cgid modules in ...
Updated Jun 06, 2023
Version 2.0
application delivery
devops
iRules
security
shellshock
Beinhard_8950's avatar
Beinhard_8950
Icon for Nimbostratus rankNimbostratus
Sep 30, 2014
just one notice, When talking about IDS/IPS and similar we know that "workarounds" usually happens from the attacking "side". So when Irules does not do any decoding I guess that strings like this will pass the irule and still be vulnerible: %28%20) %7b%20