cancel
Showing results for 
Search instead for 
Did you mean: 

ASM signtures for CVE-2022-21445

Dave_Pisarek
Cirrus
Cirrus

Are there signatures to protect against this Oracle vulnerability?

https://www.oracle.com/security-alerts/cpuapr2022.html

5 REPLIES 5

LiefZimmerman
Community Manager
Community Manager

@Dave_Pisarek - I'll ask around - assuming you haven't already heard back from anyone on this.

------
Lief ZimmermanLiefZimmerman | @LiefZF5 | DevCentral Community Manager

Dave_Pisarek
Cirrus
Cirrus

I have not received any updates just yet. 

LiefZimmerman
Community Manager
Community Manager

A couple folks took a look around and we don't see anything official or otherwise. Odd.

I recommend opening a support case at https://support.f5.com/csp/home and requesting an escalation to the ASM Rules Team so that an official and authoritative answer is provided.

It would be great to have any resulting KB article linked here too.
Hope that helps.

Lief

------
Lief ZimmermanLiefZimmerman | @LiefZF5 | DevCentral Community Manager

I'd agree with Lief - reading up on this CVE, it seems to be a Java deserialization gadget accessible prior to authentication. On that basis it's quite likely that there are existing ASM signatures which would trigger during exploitation, but your best route to get that confirmed is by opening a case with the Support organisation who will be able to escalate to the dedicated Threat Research team.

For what it's worth, I looked to see if any other customers had asked the question which would have resulted in an escalation, but there are zero references to that CVE that I can find.

I also couldn't find a good end-to-end PoC; the original writeup points to exploitation via chaining CVE-2022-21445 with a second CVE (from 2020), but they don't reveal the requests they make, only the end results

Sorry, I forgot to keep an eye on this until I saw your reply here.

Signature 200104810 was released for this CVE on August 4th.