This is a NON-OFFICIAL trigger to detect CVE-2021-22991, and is subject to change. This post will be taken down if/when an official version is supplied. This detection card will fire given a request similar to the one shown here:
Please note that this exploit is likely to change / evolve and this trigger is provided as-is and in good faith to the community to help get some coverage for the recent disclosures from F5.
If you’re running version 8.3, you can format the detection card like this via “Detection Formats”:
Community_ CVE-2021-22991v2.json (2.1 KB)