Is the ASM policy blocking specific attack signature?

Goal is to make sure CVE-2017-10271-29308 is being blocked

To check this you can simply do the following.

1. Log into the GUI of the device and select the correct partition in the upper right hand corner of the GUI. In this case I had to choose the "Production" partition since that is where the ASM policy exists.
2. Navigate to Security  ››  Application Security : Attack Signatures : Attack Signatures List.
3. Change the "Current edited policy" to the correct policy. In this case I chose the main default "ASMGlobalPolicy". You can see that the policy is also set to "blocking".
4. Now click "Show Filter Details" to expand the advanced search. Enter 200004174 into the "Signature ID" field and click the "Go" button.
5. After clicking the "Go" button simply scroll down and you will see the attack signature listed. I believe the name of it is "Sensitive Java class detected in XML". Then all we need to do is look at the right hand side to see that the "Block" and "Enabled" columns have a value of "Yes". In my repro they do which indicates that the attack signature is set to block for this ASM policy.

In short, any virtual server that has the "ASMGlobalPolicy" applied to it should be safe from CVE-2017-10271 as mentioned in the DevCentral article. https://devcentral.f5.com/articles/oracle-weblogic-wls-security-component-remote-code-execution-cve-2017-10271-29308