F5 Rules for AWS WAF - Web exploits OWASP Rules - Need Log4J update CVE-2021-44228

Question

Hi,&nbsp;Can you confirm if the following product has been updated to provide protection from Log4J, CVE-2021-44228 ?&nbsp;https://aws.amazon.com/marketplace/pp/prodview-ah3rqi2hcqzsiF5 Rules for AWS WAF - Web exploits OWASP Rules

mohamedfaizur · Answer

Hi,Yes 'F5 Rules for AWS WAF' is updated to deal with Log4J, CVE-2021-44228Thanks

gauravl · Answer

Hi,Is there any official announcement or the link where we can check this update?

mohamedfaizur · Answer

Hi,Unlike traditional, full blown WAF security solutions, the content of F5 rules is not visible and cannot be viewed.I have checked F5 rule set  and its updated to deal with CVE-2021-44228Thanks

gauravl · Answer

Hi,Are you a member of F5 product team? I just want to ensure about the source of information you gave to me. As the Log4j vulnerability has impacted us organization level. If the "F5 Rules for AWS WAF - Web exploits OWASP Rules" product is updated or not impacted by log4j vulnerability, we would not require any action or update at our infra level.

mohamedfaizur · Answer

Hi,

Yes I am from support team handling 'F5 Rules for AWS WAF' as well.

As I mentioned earlier 'F5 Rules for AWS WAF' is updated to deal with Log4J, CVE-2021-44228.

Thanks

Mohamedfaizur

Forum Discussion

F5 Rules for AWS WAF - Web exploits OWASP Rules - Need Log4J update CVE-2021-44228

Recent Discussions

Client SSL Profile set to Require Client Certificate breaks RDP in APM

TS Declarations for DNS

APM file and registry key date check 8 days old

SSL bridging without SSL proxy forward

Should config via cli rather than gui?

Related Content

Apache Log4j2 (CVE-2021-44228) mitigation iApp

DevCentral Connects: Log4j CVE-2021-44228

Mitigating log4j (CVE-2021-44228) with AFM Protocol Inspection Custom Signatures

What is Web Cache Exploitation?

Chrome zero-day fix MS Copilot Log4Shel still being exploited

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS