Can you confirm if the following product has been updated to provide protection from Log4J, CVE-2021-44228 ?
F5 Rules for AWS WAF - Web exploits OWASP Rules
Yes 'F5 Rules for AWS WAF' is updated to deal with Log4J, CVE-2021-44228
Is there any official announcement or the link where we can check this update?
Unlike traditional, full blown WAF security solutions, the content of F5 rules is not visible and cannot be viewed.
I have checked F5 rule set and its updated to deal with CVE-2021-44228
Are you a member of F5 product team? I just want to ensure about the source of information you gave to me. As the Log4j vulnerability has impacted us organization level. If the "F5 Rules for AWS WAF - Web exploits OWASP Rules" product is updated or not impacted by log4j vulnerability, we would not require any action or update at our infra level.
Yes I am from support team handling 'F5 Rules for AWS WAF' as well.
As I mentioned earlier 'F5 Rules for AWS WAF' is updated to deal with Log4J, CVE-2021-44228.