Forum Discussion
pracaburo
Nimbostratus
NimbostratusF5 Rules for AWS WAF - List of CVE
I have checked the AWS WAF F5 rule - Common Vulnerabilities and Exposures (CVE) rule on the AWS marketplace, but is there a WAF rule that corresponds to the following CVE?
- CVE-2022-24963(https://nvd.nist.gov/vuln/detail/CVE-2022-24963#match-8865215)
- CVE-2022-25147(https://nvd.nist.gov/vuln/detail/CVE-2022-25147)
Joel_CohenEmployee
Thes two CVEs correspon to Integer Overflows, which are attacks that can not really be mitigated with AWS rules.
A common methon in application security for mitigating such attacks are size limits on paramters, for example.
That said, the F5 Rules for AWS WAF - CVE group does not have rules for the CVEs in question.
Thanks