K000137416 : BIG-IP Advanced WAF and BIG-IP ASM vulnerability CVE-2024-23308
Discription

Security Advisory Description When a BIG-IP Advanced WAF or BIG-IP ASM policy with a Request Body Handling option is attached to a virtual server, undisclosed requests can cause the BD process to terminate. The condition results from setting the Request Body Handling option in the Header-Based Content Profile for an Allowed URL with "Apply value and content signatures and detect threat campaigns." (CVE-2024-23308) Impact Traffic is disrupted while the BD process restarts. This vulnerability allows a remote unauthenticated attacker to cause a denial-of-service (DoS) on the BIG-IP system. There is no control plane exposure; this is a data plane issue…Read More

Back to Main

Subscribe for the latest news: