cancel
Showing results for 
Search instead for 
Did you mean: 
Login & Join the DevCentral Connects Group to watch the Recorded LiveStream (May 12) on Basic iControl Security - show notes included.

F5 Rules for AWS WAF - Web exploits OWASP Rules - Need Log4J update CVE-2021-44228

GauravL
Nimbostratus
Nimbostratus

Hi,

 

Can you confirm if the following product has been updated to provide protection from Log4J, CVE-2021-44228 ?

 

https://aws.amazon.com/marketplace/pp/prodview-ah3rqi2hcqzsi

F5 Rules for AWS WAF - Web exploits OWASP Rules

5 REPLIES 5

Mohamedfaizur
F5 Employee
F5 Employee

Hi,

Yes 'F5 Rules for AWS WAF' is updated to deal with Log4J, CVE-2021-44228

Thanks

Hi,

Is there any official announcement or the link where we can check this update?

Mohamedfaizur
F5 Employee
F5 Employee

Hi,

Unlike traditional, full blown WAF security solutions, the content of F5 rules is not visible and cannot be viewed.

I have checked F5 rule set and its updated to deal with CVE-2021-44228

Thanks

GauravL
Nimbostratus
Nimbostratus

Hi,

Are you a member of F5 product team? I just want to ensure about the source of information you gave to me. As the Log4j vulnerability has impacted us organization level. If the "F5 Rules for AWS WAF - Web exploits OWASP Rules" product is updated or not impacted by log4j vulnerability, we would not require any action or update at our infra level.

Mohamedfaizur
F5 Employee
F5 Employee

Hi,

Yes I am from support team handling 'F5 Rules for AWS WAF' as well.

As I mentioned earlier 'F5 Rules for AWS WAF' is updated to deal with Log4J, CVE-2021-44228.

 

 

Thanks

Mohamedfaizur