
SANS ISC: InfoSec Handlers Diary Blog



CVE-2020-5902 F5 BIG-IP Exploitation Attempt

Published: 2020-07-05
Last Updated: 2020-07-05 17:10:09 UTC
by Didier Stevens (Version: 1)
1 comment(s)

A quick heads-up: we are seeing scans for the F5 BIG-IP vulnerability CVE-2020-5902.

They look like this (Host header redacted):

GET /tmui/login.jsp/..;/tmui/util/getTabSet.jsp?tabId=jaffa HTTP/1.1
Host:x.x.x.x
User-Agent: Nuclei - Open-source project (github.com/projectdiscovery/nuclei)
Accept: */*
Accept-Language: en
Connection: close
Accept-Encoding: gzip

Here is a sigma rule for CVE-2020-5902.
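Separately from the sigma rule referenced above, the following is an added example (not code from this diary or from the sigma project) of checking web access logs for the request pattern shown: a `/tmui/` path containing a `..;` segment. It goes slightly beyond the captured request by also percent-decoding the path before matching. The combined log format, the function names and the sample log lines are assumptions constructed for illustration.

```python
import re
from urllib.parse import unquote, urlsplit

# Request line inside a combined-format access log entry (assumed log format).
REQUEST_RE = re.compile(r'"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[\d.]+"')


def normalize(target: str, max_rounds: int = 3) -> str:
    """Return the lower-cased path, percent-decoded up to max_rounds times."""
    path = urlsplit(target).path  # drops the query string, keeps ';' in the path
    for _ in range(max_rounds):
        decoded = unquote(path)
        if decoded == path:
            break
        path = decoded
    return path.lower()


def is_suspicious(target: str) -> bool:
    """True when a /tmui/ request carries a '..;' path segment."""
    segments = normalize(target).split("/")
    return "tmui" in segments and any(s.startswith("..;") for s in segments)


def scan(lines):
    """Yield (source_ip, target) for each log line matching the pattern."""
    for line in lines:
        m = REQUEST_RE.search(line)
        if m and is_suspicious(m.group("target")):
            yield line.split(" ", 1)[0], m.group("target")


# Constructed sample log lines (documentation IP ranges), not real traffic.
SAMPLE_LOG = [
    '192.0.2.10 - - [05/Jul/2020:16:58:01 +0000] "GET /tmui/login.jsp/..;/tmui/util/getTabSet.jsp?tabId=jaffa HTTP/1.1" 200 512 "-" "Nuclei - Open-source project (github.com/projectdiscovery/nuclei)"',
    '198.51.100.7 - - [05/Jul/2020:16:59:12 +0000] "GET /tmui/login.jsp HTTP/1.1" 200 4096 "-" "Mozilla/5.0"',
    '203.0.113.5 - - [05/Jul/2020:17:01:44 +0000] "GET /tmui/login.jsp/%2e%2e%3b/tmui/util/getTabSet.jsp?tabId=jaffa HTTP/1.1" 200 512 "-" "curl/7.68.0"',
    '198.51.100.7 - - [05/Jul/2020:17:02:03 +0000] "GET /docs/../index.html HTTP/1.1" 404 0 "-" "Mozilla/5.0"',
]

if __name__ == "__main__":
    for ip, target in scan(SAMPLE_LOG):
        print(f"possible CVE-2020-5902 probe from {ip}: {target}")
```

Matching on the path rather than the User-Agent keeps the check useful when a scanner does not identify itself the way the request above does.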

Didier Stevens
Senior handler
Microsoft MVP
blog.DidierStevens.com DidierStevensLabs.com


Wireshark 3.2.5 Released

Published: 2020-07-05
Last Updated: 2020-07-05 09:03:42 UTC
by Didier Stevens (Version: 1)
0 comment(s)

Wireshark version 3.2.5 was released.

It has a vulnerability fix and bug fixes.

A vulnerability in the GVCP dissector (CVE-2020-15466) can be abused to cause an infinite loop.

Didier Stevens
Senior handler
Microsoft MVP
blog.DidierStevens.com DidierStevensLabs.com
