F5 Rules for AWS WAF - Web exploits OWASP Rules - Need Log4J update CVE-2021-44228

GauravL · ‎24-Dec-2021

Hi,

Can you confirm if the following product has been updated to provide protection from Log4J, CVE-2021-44228 ?

https://aws.amazon.com/marketplace/pp/prodview-ah3rqi2hcqzsi

F5 Rules for AWS WAF - Web exploits OWASP Rules

Mohamedfaizur · ‎29-Dec-2021

Hi,

Yes 'F5 Rules for AWS WAF' is updated to deal with Log4J, CVE-2021-44228

Thanks

GauravL · ‎30-Dec-2021

Hi,

Is there any official announcement or the link where we can check this update?

Mohamedfaizur · ‎01-Jan-2022

Hi,

Unlike traditional, full blown WAF security solutions, the content of F5 rules is not visible and cannot be viewed.

I have checked F5 rule set and its updated to deal with CVE-2021-44228

Thanks

GauravL · ‎05-Jan-2022

Hi,

Are you a member of F5 product team? I just want to ensure about the source of information you gave to me. As the Log4j vulnerability has impacted us organization level. If the "F5 Rules for AWS WAF - Web exploits OWASP Rules" product is updated or not impacted by log4j vulnerability, we would not require any action or update at our infra level.

Mohamedfaizur · ‎07-Jan-2022

Hi,

Yes I am from support team handling 'F5 Rules for AWS WAF' as well.

As I mentioned earlier 'F5 Rules for AWS WAF' is updated to deal with Log4J, CVE-2021-44228.

Thanks

Mohamedfaizur

DevCentral

F5 Rules for AWS WAF - Web exploits OWASP Rules - Need Log4J update CVE-2021-44228

MFA required on DevCentral