For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

mbean's avatar
mbean
Icon for Altostratus rankAltostratus
Mar 31, 2022
Solved

spring4shell iRules yet?

Anyone have an irule to help alleviate this yet?   re: https://www.cyberkendra.com/2022/03/springshell-rce-0-day-vulnerability.html   " WAF protection On network protection devices such as WAF,...
security
spring4shell
  • AaronJB's avatar
    AaronJB
    Apr 01, 2022

    F5 has published additional Advanced WAF rules for CVE-2022-22965 (Spring4Shell) and CVE-2022-22963 (Spring Cloud RCE), in addition to the 0-day coverage provided by several existing rules: https://support.f5.com/csp/article/K24912123

    While you could likely use the log4j iRule as a base and modify it to contain your desired rules for Spring4Shell et al, I would caution that it is much more efficient and robust to use a WAF like Advanced WAF or NGINX App Protect than it is to re-write that functionality in an iRule.

mbean's avatar
mbean
Icon for Altostratus rankAltostratus
Apr 04, 2022

Thanks. I was just wondering if they were going to release an iRule to use before the WAF/ASM policies were rolled out, like was done with log4J fun times.