Rewterz Threat Advisory – CVE-2021-42717 – F5 NGINX ModSecurity WAF

Rewterz Threat Advisory – CVE-2021-43410 – Apache Airavata Django Portal Vulnerability

December 7, 2021

Rewterz Threat Advisory – TA505 Targeting Financial Sector

December 7, 2021

Rewterz Threat Advisory – CVE-2021-42717 – F5 NGINX ModSecurity WAF

Severity

Medium

Analysis Summary

CVE-2021-42717

F5 NGINX ModSecurity WAF is vulnerable to a denial of service, caused by an uncontrolled recursion flaw. By sending specially-crafted JSON messages, a remote attacker could exploit this vulnerability to cause high resource utilization and results in a denial of service condition.

Impact

Denial of Service

Affected Vendors

Affected Products

F5 NGINX ModSecurity WAF R24
F5 NGINX ModSecurity WAF R25

Remediation

Refer to F5 Security Advisory for patch, upgrade or suggested workaround information.

https://support.f5.com/csp/article/K50839343

Rewterz Threat Advisory – CVE-2021-43410 – Apache Airavata Django Portal Vulnerability

Rewterz Threat Advisory – TA505 Targeting Financial Sector

Rewterz Threat Advisory – CVE-2021-42717 – F5 NGINX ModSecurity WAF

Severity

Analysis Summary

CVE-2021-42717

Impact

Affected Vendors

Affected Products

Remediation

Security Operations Centers across the region

Saudi Arabia

UAE

Oman

Pakistan