VYPR

Nginx App Protect WAF

by F5, Inc.

CVEs (2)

  • CVE-2025-58474Oct 15, 2025
    risk 0.00cvss epss 0.00

    When BIG-IP Advanced WAF is configured on a virtual server with Server-Side Request Forgery (SSRF) protection or when an NGINX server is configured with App Protect Bot Defense, undisclosed requests can disrupt new client requests.  Note: Software versions which have reached…

  • CVE-2021-23050Sep 14, 2021
    risk 0.00cvss epss 0.00

    On BIG-IP Advanced WAF and BIG-IP ASM version 16.0.x before 16.0.1.2 and 15.1.x before 15.1.3 and NGINX App Protect on all versions before 3.5.0, when a cross-site request forgery (CSRF)-enabled policy is configured on a virtual server, an undisclosed HTML response may cause the…