sullo / nikto

Nikto web server scanner

False Positive/Negative: bypassing F5 BIG-IP RCE mitigation #688

Closed iasdeoupxe closed 4 years ago

iasdeoupxe commented 4 years ago

Output of suspected false positive / negative

https://www.helpnetsecurity.com/2020/07/08/bypassing-f5-big-ip-rce-mitigation/

685 / 339fbe2414a8c607caf2a7985ec5c2c36f582822 could require an update to check if it is possible to bypass the mitigation. Haven't found any info yet on how the mitigation can be bypassed.

sullo commented 4 years ago

Going to close this since we don't have any actionable information on how to recreate.

iasdeoupxe commented 4 years ago

@sullo Did some searching and it seems:

https://research.nccgroup.com/2020/07/05/rift-f5-networks-k52145254-tmui-rce-vulnerability-cve-2020-5902-intelligence/

(linked in the article) shows that /hsqldb is accessed, and the following has some additional info on that file:

https://www.criticalstart.com/f5-big-ip-remote-code-execution-exploit/

including an access to /hsqldb; which might be worth having a look at.

iasdeoupxe commented 4 years ago

I have created a PR on this with #702