Forum Discussion
NimbostratusSECADV045: PA HTTP Smuggling vulnerability
Can you confirm if the following product 'F5 Rules for AWS WAF' has been updated to provide protection against SECADV045: PA HTTP Smuggling vulnerability?
Tag- F5 Rules for AWS WAF
4 Replies
amine-elhijaziAltocumulus
Unless F5 publishes a KB about this CVE, I don't think we can confirm it. F5 signature attacks are kept private. You can contact F5 support to confirm.
Best of luck!
- boneyard
MVP
The way to contact support for F5 Rules for AWS WAF is via this forum, as stated in the support section for it.
https://aws.amazon.com/marketplace/pp/prodview-ah3rqi2hcqzsi / https://my.f5.com/manage/s/article/K21015971
Hi GauravL
AWS WAF Rules doesn't provide protection against CVE-2024-23316. Since it's an HTTP Request Smuggling vulnerability, AWS Load Balancer needs to be set up to guard against it. I hope this link will be useful https://kloudle.com/academy/configuring-aws-load-balancers-to-protect-against-http-desync-attacks/
- zamroni777
as mentioned in below article, enable RFC compliance enforcement in vserver's http profile.
this feature should also work in ltm-only license.HTTP Request Smuggling, what it is, how to find it and how to stop it
