We're checking in the AWS marketplace for the F5 Rules for AWS WAF - Common Vulnerabilities and Exposures (CVE) Rules and want to check if the following CVEs are covered by this rule set?
The following is good generic info on the F5 WAF:
You would probably be looking at signatures. You can look at these if you have a test or eval instance running of the product:
Hi @whisperer ,
Thanks for the reply. As I mentioned, I am using AWS marketplace for the F5 Rules for AWS WAF - Common Vulnerabilities and Exposures (CVE) Rules. Therefore I do not have access to the BIG-IP ASM/AdvWAF Configuration Utility. Does it mean that it is impossible to check what CVEs are included when subscripting F5 rules from AWS marketplace?
I really cannot think of a way to a) programmatically via CLI obtain this information from the product, b) nor am I aware of any online based index or search tool for figuring out what version/signature release covers certain CVEs.
If I need a quick answer, I would just run an F5 VE instance on VMware, same BIGIP code and attack signature version, and reference it that way.
I would be very interested in knowing of a better way of doing this. Have you tried to contact an F5 sales engineer or product support?
Hi @chanzk ,
Unlike the full blown WAF security solutions, F5 rules on AWS WAF are limited in total capacity, limiting the types of CVEs we can offer protection against. Normally, F5 rules include protection against CVEs that are common among customers. CVE-2016-1000027 may affect only few, therefore it wasn't included yet. We will add it in our next updates.
CVE-2021-22118 is a local vulnerability, not a network vulnerability. So less relevant for a WAF.