Forum Discussion

chanzk's avatar
chanzk
Icon for Altostratus rankAltostratus
Sep 14, 2023

F5 Rules for AWS WAF - CVE-2021-22118 & CVE-2016-1000027

Hello, We're checking in the AWS marketplace for the F5 Rules for AWS WAF - Common Vulnerabilities and Exposures (CVE) Rules and want to check if the following CVEs are covered by this rule set? C...
AWS
cloud
cve
F5 Rules for AWS WAF
security
waf
  • Joel_Cohen's avatar
    Joel_Cohen
    Sep 19, 2023

    Hi chanzk ,

    Unlike the full blown WAF security solutions, F5 rules on AWS WAF are limited in total capacity, limiting the types of CVEs we can offer protection against. Normally, F5 rules include protection against CVEs that are common among customers. CVE-2016-1000027 may affect only few, therefore it wasn't included yet. We will add it in our next updates.

    CVE-2021-22118 is a local vulnerability, not a network vulnerability. So less relevant for a WAF.

    Thanks.

Joel_Cohen's avatar
Joel_Cohen
Icon for Employee rankEmployee

Hi ambrosetse 

Yes it was updated. sorry it took me longer to answer than expected.

ambrosetse's avatar
ambrosetse
Icon for Altostratus rankAltostratus
Oct 09, 2023

Hi Joel_Cohen 

I would like to know if the current F5 rules for AWS WAF cover for the following vulnerabilities?
CVE-2022-22968, CVE-2022-22976, CVE-2022-22970, CVE-2022-22950, CVE-2023-20861 and CVE-2023-20863
If not, will they include at the future release?

Thanks

 

Ambrose

  • Joel_Cohen's avatar
    Joel_Cohen
    Icon for Employee rankEmployee
    Oct 16, 2023

    Hi ambrosetse ,

    These CVEs are not covered in the rule sets. We don't have these in our plans either.

    Thansk

    Joel