Forum Discussion
SECADV045: PA HTTP Smuggling vulnerability
Can you confirm if the following product 'F5 Rules for AWS WAF' has been updated to provide protection against SECADV045: PA HTTP Smuggling vulnerability?
Tag- F5 Rules for AWS WAF
- zamroni777 (Nacreous)
As mentioned in the article below, enable RFC compliance enforcement in the vserver's HTTP profile.
This feature should also work with an LTM-only license.
HTTP Request Smuggling, what it is, how to find it and how to stop it
- Pradeep_Kandi (Employee)
Hi GauravL
AWS WAF Rules doesn't provide protection against CVE-2024-23316. Since it's an HTTP Request Smuggling vulnerability, AWS Load Balancer needs to be set up to guard against it. I hope this link will be useful https://kloudle.com/academy/configuring-aws-load-balancers-to-protect-against-http-desync-attacks/
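Added example, not part of the reply above and not F5 or AWS code: a check of the two Application Load Balancer attributes that control desync handling, run over output shaped like `aws elbv2 describe-load-balancer-attributes`. The attribute keys are the AWS ELBv2 ones and are not named on this page; the load balancer names and JSON are constructed, and treating a missing key as the ALB default is an assumption.

```python
import json

# Constructed sample: one describe-load-balancer-attributes response per
# (made-up) load balancer name. No AWS call is made.
SAMPLE = json.loads("""
{
  "edge-alb-a": {"Attributes": [
    {"Key": "routing.http.desync_mitigation_mode", "Value": "monitor"},
    {"Key": "routing.http.drop_invalid_header_fields.enabled", "Value": "false"}]},
  "edge-alb-b": {"Attributes": [
    {"Key": "routing.http.desync_mitigation_mode", "Value": "strictest"},
    {"Key": "routing.http.drop_invalid_header_fields.enabled", "Value": "true"}]},
  "edge-alb-c": {"Attributes": [
    {"Key": "idle_timeout.timeout_seconds", "Value": "60"}]}
}
""")

MODE_KEY = "routing.http.desync_mitigation_mode"
DROP_KEY = "routing.http.drop_invalid_header_fields.enabled"
# Assumption: a key absent from the response is at its ALB default.
DEFAULTS = {MODE_KEY: "defensive", DROP_KEY: "false"}


def audit(attr_response):
    """Return a list of findings for one load balancer; empty means hardened."""
    attrs = dict(DEFAULTS)
    attrs.update({a["Key"]: a["Value"] for a in attr_response.get("Attributes", [])})
    findings = []
    mode = attrs[MODE_KEY].lower()
    if mode == "monitor":
        findings.append("desync mode 'monitor': requests are classified but all are forwarded")
    elif mode == "defensive":
        findings.append("desync mode 'defensive': non-compliant 'acceptable' requests "
                        "still reach targets; 'strictest' forwards only RFC-compliant ones")
    elif mode != "strictest":
        findings.append(f"desync mode {mode!r}: unrecognised value")
    if attrs[DROP_KEY].lower() != "true":
        findings.append("invalid header fields are not dropped before forwarding")
    return findings


if __name__ == "__main__":
    for name, response in SAMPLE.items():
        for finding in audit(response) or ["ok"]:
            print(f"{name}: {finding}")
```
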
- amine-elhijazi (Altocumulus)
Unless F5 publishes a KB about this CVE, I don't think we can confirm it. F5 signature attacks are kept private. You can contact F5 support to confirm.
Best of luck!
The way to contact support for F5 Rules for AWS WAF is via this forum, as stated in the support section for it.
https://aws.amazon.com/marketplace/pp/prodview-ah3rqi2hcqzsi / https://my.f5.com/manage/s/article/K21015971