F5 Networks Alert
Warning Date: 22 December, 2020
Severity Level: ● Medium
Warning Number: 2020-2238
Target Sector: All
F5 Networks has released an alert to address a vulnerability in the following product:
- BIG-IP (AAM)
  - 15.1.0 - 15.1.2
  - 14.1.0 - 14.1.3
  - 13.1.0 - 13.1.3
  - 12.1.0 - 12.1.5
  - 11.6.1 - 11.6.5
* Vulnerability in Web Acceleration User Interface
Threats:
A remote attacker could exploit this vulnerability to execute arbitrary code.
Best practice and Recommendations:
F5 Networks recommends eliminating this vulnerability by de-provisioning the BIG-IP AAM module.
Alternatively, if de-provisioning the BIG-IP AAM module is not possible, you can eliminate this vulnerability by performing the following procedure:
- Log in to the BIG-IP command line.
- Use a text editor to add the following string to the /usr/local/www/waui/WEB-INF/struts.xml file:
    <constant name="struts.excludedPackageNames" value="java.io.,java.nio.,org.apache.tomcat." />
- Save the changes and exit the file.
- Restart the tomcat service by entering the following command:
    tmsh restart sys service tomcat
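A check that the struts.xml change from the procedure above is actually in place, as an added example that is not F5's code. The function name, its return codes, and the assumption that the <constant> element sits on a single line (as it does in the advisory) are this example's own.

```shell
#!/bin/bash
# Added example: verify the struts.xml mitigation from the advisory.
# Assumption: the <constant> element is written on one line.

REQUIRED="java.io. java.nio. org.apache.tomcat."   # prefixes listed in the advisory

# Prints a status line and returns:
#   0 = constant present with every required prefix
#   1 = constant missing (or only present inside a one-line XML comment)
#   2 = constant present but one or more prefixes missing
#   3 = file unreadable
check_struts_exclusions() {
    local file="$1" line value prefix missing=""
    [ -r "$file" ] || { echo "UNREADABLE $file"; return 3; }

    # Drop one-line XML comments so a commented-out constant does not count,
    # then take the first matching <constant> element.
    line=$(sed 's/<!--.*-->//g' "$file" |
           grep -o '<constant[^>]*name="struts\.excludedPackageNames"[^>]*>' |
           head -n 1)
    [ -n "$line" ] || { echo "MISSING struts.excludedPackageNames"; return 1; }

    value=$(printf '%s\n' "$line" | sed -n 's/.*value="\([^"]*\)".*/\1/p')
    for prefix in $REQUIRED; do
        # Compare against the comma-separated entries, ignoring padding spaces.
        printf '%s\n' "$value" | tr ',' '\n' | sed 's/^ *//; s/ *$//' |
            grep -qxF "$prefix" || missing="$missing $prefix"
    done
    [ -z "$missing" ] || { echo "INCOMPLETE missing:$missing"; return 2; }
    echo "OK $value"
}

# Usage on the BIG-IP shell (path from the advisory):
#   ./check.sh /usr/local/www/waui/WEB-INF/struts.xml
if [ "$#" -gt 0 ]; then
    check_struts_exclusions "$1"
fi
```

A result of OK only confirms the file contents; the exclusion takes effect after the tomcat restart in the last step.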
For more information: