For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

Admin07's avatar
Admin07
Icon for Nimbostratus rankNimbostratus
Oct 18, 2024

About Vulnerability Countermeasures

Thank you for your assistance. I would like to know if the following product is effective as a vulnerability countermeasure. Product name: F5 Rules for AWS WAF Common Vulnerabilities and Exposures...
aws
f5
F5 Rules for AWS WAF
For
rules
waf
sajjadali1122's avatar
sajjadali1122
Icon for Nimbostratus rankNimbostratus
Oct 24, 2024

The F5 Rules for AWS WAF are designed to protect against various common vulnerabilities and exposures (CVEs) by enhancing web application security. However, effectiveness depends on whether these rules specifically address the CVEs you're concerned about.

Here’s a quick check:

  • CVE-2021-26691 & CVE-2021-26690: Both are related to vulnerabilities in certain web application servers, specifically around HTTP request smuggling. AWS WAF with custom F5 rules might mitigate these if the rules include protections against HTTP request smuggling.
  • CVE-2020-35452: This CVE is related to Apache HTTP server vulnerabilities. F5 Rules for AWS WAF may protect against known attack patterns, but you should verify if Apache-specific rules are included.

To ensure these specific CVEs are covered, consult F5 documentation or support to verify if their rule sets include protections against these vulnerabilities.