Forum Discussion
Admin07
Nimbostratus
NimbostratusAbout Vulnerability Countermeasures
Thank you for your assistance.
I would like to know if the following product is effective as a vulnerability countermeasure.
Product name:
F5 Rules for AWS WAF Common Vulnerabilities and Exposures
Target vulnerability:
CVE-2021-26691
CVE-2021-26690
CVE-2020-35452
We apologize for the inconvenience, but we would appreciate it if you could check on this issue as soon as possible.
Thank you in advance for your cooperation.
sajjadali1122The F5 Rules for AWS WAF are designed to protect against various common vulnerabilities and exposures (CVEs) by enhancing web application security. However, effectiveness depends on whether these rules specifically address the CVEs you're concerned about.
Here’s a quick check:
- CVE-2021-26691 & CVE-2021-26690: Both are related to vulnerabilities in certain web application servers, specifically around HTTP request smuggling. AWS WAF with custom F5 rules might mitigate these if the rules include protections against HTTP request smuggling.
- CVE-2020-35452: This CVE is related to Apache HTTP server vulnerabilities. F5 Rules for AWS WAF may protect against known attack patterns, but you should verify if Apache-specific rules are included.
To ensure these specific CVEs are covered, consult F5 documentation or support to verify if their rule sets include protections against these vulnerabilities.
- Aswin_mk
Cumulonimbus
Please go through the links
- https://my.f5.com/manage/s/article/K32305110
- https://my.f5.com/manage/s/article/K41320158
- https://my.f5.com/manage/s/article/K27129140
As per documents F5 is not vulnerable for this vulnerabilities
Please go through the link and tell me if you have any queries
Br
Aswin
