UPDATE from F5 Support: Mitigate the Spring Framework (Spring4Shell) and Spring Cloud vulnerabilities with the BIG-IP system
You should consider using this procedure under the following condition:
Note: F5 is still actively monitoring the situation and will update this article and/or signatures when more specific information becomes available.
You can use the BIG-IP system to mitigate the impact of the Spring4Shell and Spring Cloud vulnerabilities in your infrastructure. For more information about these vulnerabilities, refer to K11510688: Spring Framework (Spring4Shell) and Spring Cloud vulnerabilities CVE-2022-22965, CVE-2022-22950, and CVE-2022-22963.
Prerequisites
You must meet the following prerequisite to use this procedure:
Spring Framework RCE (Spring4Shell): CVE-2022-22965
Spring Framework DoS: CVE-2022-22950
Spring Cloud RCE: CVE-2022-22963
Impact
For products with None in the Versions known to be vulnerable column, there is no impact.
For products with ** in the various columns, F5 is still researching the issue and will update this article after confirming the required information. F5 Support has no additional information about this issue.
AskF5 Article - Spring Framework (Spring4Shell) and Spring Cloud vulnerabilities CVE-2022-22965, CVE-2022-22950, and CVE-2022-22963
F5 Labs Article: What Are The Spring4Shell Vulnerabilities?
AltostratusHi,
How do I know these vulnerabilities are no impact on AWS WAF?
I'm using these F5 rules for AWS WAF.
Regards,
Worapoj
AaronJB also posted this:
F5 has published additional Advanced WAF rules for CVE-2022-22965 (Spring4Shell) and CVE-2022-22963 (Spring Cloud RCE), in addition to the 0-day coverage provided by several existing rules: https://support.f5.com/csp/article/K24912123
While you could likely use the log4j iRule as a base and modify it to contain your desired rules for Spring4Shell et al, I would caution that it is much more efficient and robust to use a WAF like Advanced WAF or NGINX App Protect than it is to re-write that functionality in an iRule.
