Forum Discussion

MartinVerner_37's avatar
MartinVerner_37
Icon for Nimbostratus rankNimbostratus
Oct 10, 2018

f5 AWS WAF CVE coverage

We are looking into blocking three very specific CVE's. I would like to know if they are covered by the f5 managed AWS WAF rules. I do however not wish to specific which in a public forum. Is there s...
AWS
cloud
security
Simon_Blakely's avatar
Simon_Blakely
Icon for Employee rankEmployee
Oct 14, 2018

Most of the ASM signatures cover a class (or type) of vulnerability, and are not specifically targeted at a CVE.

 

For example, many Command Injection vulnerabilities are blocked by ASM because there are signatures for the commands that would be included in an attack ("bash", "cmd.exe" etc).

 

Newly discovered CVE's that are blocked by existing signatures (i.e Zero Day protection) will not be recorded in any way.

 

Sometimes ASM rules are created for a specific CVE, and this will be listed in the Signature notes.

 

For a specific CVE, determine if it falls into one the common classes of vulnerabilities such as Command Injection - in which case it should be covered by the F5 Rules for AWS WAF - Web exploits OWASP Rules.

 

Otherwise (for a framework-specific CVE) it may be covered by F5 Rules for AWS WAF - Common Vulnerabilities and Exposures (CVE)

 

For more specific queries, you can approach AWS Support as detailed in

 

K21015971: Overview of F5 RuleGroups for AWS WAF