For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

5 Replies

  • Mohamedfaizur's avatar
    Mohamedfaizur
    Icon for Employee rankEmployee
    Jan 07, 2022

    Hi,

    Yes I am from support team handling 'F5 Rules for AWS WAF' as well.

    As I mentioned earlier 'F5 Rules for AWS WAF' is updated to deal with Log4J, CVE-2021-44228.

     

     

    Thanks

    Mohamedfaizur

     

     

  • GauravL's avatar
    GauravL
    Icon for Nimbostratus rankNimbostratus
    Jan 05, 2022

    Hi,

    Are you a member of F5 product team? I just want to ensure about the source of information you gave to me. As the Log4j vulnerability has impacted us organization level. If the "F5 Rules for AWS WAF - Web exploits OWASP Rules" product is updated or not impacted by log4j vulnerability, we would not require any action or update at our infra level.

  • Mohamedfaizur's avatar
    Mohamedfaizur
    Icon for Employee rankEmployee
    Jan 02, 2022

    Hi,

    Unlike traditional, full blown WAF security solutions, the content of F5 rules is not visible and cannot be viewed.

    I have checked F5 rule set and its updated to deal with CVE-2021-44228

    Thanks

    • GauravL's avatar
      GauravL
      Icon for Nimbostratus rankNimbostratus
      Dec 30, 2021

      Hi,

      Is there any official announcement or the link where we can check this update?