Learn F5 Technologies, Get Answers & Share Community Solutions Join DevCentral

Directory Traversal with Spring MVC on Windows (CVE-2018-1271)

Posted April 15, 2018 by Gal Goldshtein

Recently a directory traversal vulnerability in the Spring Framework was published (CVE-2018-1271). The Spring application will only be vulnerable when it is deployed on a Microsoft Windows based operating system and the application developer uses... Read more

PEM: Subscriber-Aware Policy and Why Every Large Network Needs One

Posted April 13, 2018 by Sergey Starzhinskiy

Previous post “PEM: Key Component of the  Next Generation University Network” provided a high-level overview of several Policy Enforcement Manager features which help K-12 Schools, Colleges and Universities transform their Networks into... Read more

Remote Code Execution with Spring Data Commons (CVE-2018-1273)

Posted April 12, 2018 by Gal Goldshtein

In the recent days another critical vulnerability in Spring Framework was published (CVE-2018-1273). This time the vulnerable component is Spring Data Commons. Spring Data component goal is to provide a common API for accessing NoSQL and... Read more

The DevCentral Chronicles Volume 1, Issue 4

Posted April 11, 2018 by Peter Silva

If you missed our initial issues of the DC Chronicles, you can catch up with the links at the bottom. The Chronicles are intended to keep you updated on DevCentral happenings and highlight some of the cool content you may have missed since the... Read more

Technical Article

iControl REST Fine-Grained Role Based Access Control

Posted April 10, 2018 by Satoshi Toyosawa

iControl REST Fine-Grained Role Based Access Control Introduction The F5's role based access control (RBAC) mechanism allows a BIG-IP administrator to assign appropriate access privilages to the users [1]. For example, when the operator role... Read more

Lightboard Lessons: What is a Web Application Firewall (WAF)?

Posted April 09, 2018 by John Wagnon

Traditional network firewalls (Layer 3-4) do a great job preventing outsiders from accessing internal networks. But, these firewalls offer little to no support in the protection of application layer traffic... Read more

Technical Article

Unbreaking the Internet and Converting Protocols

Posted April 09, 2018 by Eric Chen

When CloudFlare took over 1.1.1.1 for their DNS service; this got be thinking about a couple of issues:What do you do if you’ve been using 1.1.1.1 on your network, how do you unbreak the Internet?How can you enable use of DNS over TLS for clients... Read more

Spring Framework Spring-Messaging Remote Code Execution (CVE-2018-1270 / CVE-2018-1275)

Posted April 08, 2018 by Gal Goldshtein

In the recent days a critical vulnerability in Spring framework was published. The vulnerable component is Spring-Messaging which is the Spring implementation of WebSockets, Spring-Messaging uses the STOMP messaging protocol as the subprotocol for... Read more

Answers / discussion

​​
OpenSSL and Heart Bleed Vuln

Asked 4/7/2014

by squip

21 Votes

​​
iRule Event Order - HTTP

Asked 11/8/2013

by What Lies Beneath

21 Votes

​​
TCP Traffic Path Diagram

Discussed 5/13/2014

by What Lies Beneath

13 Votes

​​
​​
F5 Big IP File Locations

Asked 8/24/2009

by JohnCzerwinski

10 Votes

​​
A Protocol Profiler In a Few iRules

Discussed 11/12/2014

by Thomas Schockaert

8 Votes

​​
​​
APM with google authenticator

Discussed 7/9/2016

by Patrik Jonsson

7 Votes

​​