Last Modified: Nov 07, 2022
Affected Product:
BIG-IP ASM
Known Affected Versions:
13.0.0, 13.0.0 HF1, 13.0.0 HF2, 13.0.0 HF3, 13.0.1, 13.1.0, 13.1.0.1, 13.1.0.2, 13.1.0.3, 13.1.0.4, 13.1.0.5, 13.1.0.6, 13.1.0.7, 13.1.0.8, 13.1.1, 13.1.1.2, 13.1.1.3, 13.1.1.4, 14.0.0, 14.0.0.1, 14.0.0.2, 14.0.0.3, 14.0.0.4, 14.1.0, 14.1.0.1
Fixed In:
15.0.0, 14.1.0.2, 14.0.0.5, 13.1.1.5
Opened: Nov 07, 2018
Severity: 3-Major
A request to the BIG-IP ASM GUI that can be triggered via CSRF may cause resource exhaustion on the device for as long as the request is being processed.
When multiple such requests are sent to the target GUI, the httpd process can be seen spiking, even on core 0 (VMware).
The following URL accepts a wildcard in the id parameter, which makes it a heavy request: https://BIG-IP/dms/policy/pl_negsig.php?id=*
Workaround: None.
Fix: if the id query string parameter has a string value, the query is not executed.
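The following is an added example, not F5's code and not taken from this page. It models the fixed behaviour described above as an input check (assumption: a valid policy id is a plain integer, so the wildcard and any other string value are rejected before the query runs) and, for operators of unpatched versions, walks a few constructed httpd access log lines to flag sources that repeatedly request pl_negsig.php with a non-numeric id. The function names, the threshold and the Common Log Format sample lines are illustrative choices made here.

```python
import re
from collections import Counter
from urllib.parse import parse_qs, urlsplit

# Path named in the advisory; a wildcard in its "id" parameter makes the request heavy.
HEAVY_PATH = "/dms/policy/pl_negsig.php"

# Common Log Format: client, ident, user, [timestamp], "METHOD target PROTO", status, size
_CLF_RE = re.compile(r'^(?P<src>\S+) \S+ \S+ \[[^\]]+\] "(?P<method>\S+) (?P<target>\S+) [^"]*" (?P<status>\d{3})')


def policy_id_is_executable(raw_id):
    """Model of the fix: the query runs only when id is a plain integer.
    Assumption (not stated on the page): a real policy id is numeric, so
    "*", "", or any other string value is rejected instead of being queried."""
    return raw_id is not None and re.fullmatch(r"\d+", raw_id) is not None


def classify_request(request_target):
    """Classify one request target from an access log.

    Returns "heavy" when the target is pl_negsig.php with an id that the fix
    would reject (e.g. id=* or the percent-encoded id=%2A), "ok" when every id
    is numeric, and "other" for any other path or when no id is supplied
    (the advisory says nothing about a missing id, so it is not flagged)."""
    parts = urlsplit(request_target)
    if parts.path != HEAVY_PATH:
        return "other"
    ids = parse_qs(parts.query, keep_blank_values=True).get("id", [])
    if not ids:
        return "other"
    return "ok" if all(policy_id_is_executable(i) for i in ids) else "heavy"


def find_heavy_sources(log_lines, threshold=3):
    """Count heavy pl_negsig.php requests per client address and return the
    clients at or above the threshold. Repeated heavy requests are the
    condition under which the advisory reports httpd spiking."""
    counts = Counter()
    for line in log_lines:
        m = _CLF_RE.match(line)
        if not m:
            continue  # skip lines that are not in Common Log Format
        if classify_request(m.group("target")) == "heavy":
            counts[m.group("src")] += 1
    return {src: n for src, n in counts.items() if n >= threshold}


# Constructed sample log lines for illustration only; not from a real device.
SAMPLE_LOG = [
    '192.0.2.10 - - [07/Nov/2018:10:00:01 +0000] "GET /dms/policy/pl_negsig.php?id=* HTTP/1.1" 200 512',
    '192.0.2.10 - - [07/Nov/2018:10:00:02 +0000] "GET /dms/policy/pl_negsig.php?id=* HTTP/1.1" 200 512',
    '192.0.2.10 - - [07/Nov/2018:10:00:03 +0000] "GET /dms/policy/pl_negsig.php?id=%2A HTTP/1.1" 200 512',
    '192.0.2.10 - - [07/Nov/2018:10:00:04 +0000] "GET /dms/policy/pl_negsig.php?id=* HTTP/1.1" 200 512',
    '198.51.100.5 - - [07/Nov/2018:10:00:05 +0000] "GET /dms/policy/pl_negsig.php?id=* HTTP/1.1" 200 512',
    '198.51.100.5 - - [07/Nov/2018:10:00:06 +0000] "GET /dms/policy/pl_negsig.php?id=7 HTTP/1.1" 200 512',
    '203.0.113.9 - - [07/Nov/2018:10:00:07 +0000] "GET /tmui/login.jsp HTTP/1.1" 200 1024',
]

if __name__ == "__main__":
    for target in ("/dms/policy/pl_negsig.php?id=*", "/dms/policy/pl_negsig.php?id=7"):
        print(target, "->", classify_request(target))
    print("sources with repeated heavy requests:", find_heavy_sources(SAMPLE_LOG))
```

The classifier decodes the query string before checking, so a percent-encoded wildcard is treated the same as a literal one; a detection rule that only string-matches `id=*` would miss that variant.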