Technical Forum
Ask questions. Discover Answers.
cancel
Showing results for 
Search instead for 
Did you mean: 

Does Spring4Shell impacts on F5 AWS WAF?

worapojc
Altostratus
Altostratus

Hi F5 community,

I'm using these F5 rules for AWS WAF with API Gateway and Application Load Balancer resources.

How do I know these vulnerabilities are no impact on AWS WAF? or 
Has it been fixed in the F5 rules? or
Do I need to create a custom F5 rules to protect these vulnerabilites?

Regards,
Worapoj

1 ACCEPTED SOLUTION

4 REPLIES 4

PSilva
Legacy Employee
Legacy Employee

See this: 

K24912123: Mitigate the Spring Framework (Spring4Shell) and Spring Cloud vulnerabilities with the BIG-IP system - https://support.f5.com/csp/article/K24912123

ps

worapojc
Altostratus
Altostratus

Hi,

I'm not sure I understand it correctly but it seems for F5 appliance or others which is not SaaS, on AWS.

So, I would like to know the vulnerabilties are no impact on the F5 AWS WAF rules and F5 has updated signatures to protect this issue.

Could you please provide more details for AWS WAF specific areas?

Regards

All the Support info is here: https://community.f5.com/t5/technical-forum/k24912123-mitigate-the-spring-framework-spring4shell-and...

And, there was a Signiture Update Yesterday - Select Product and Path at https://downloads.f5.com/esd/productlines.jsp

ps

LiefZimmerman
Community Manager
Community Manager

Accepting PSilva's reply as Solution - if you disagree @worapojc feel free to unAccept. Thanks,