UPDATE from F5 Support: Mitigate the Spring Framework (Spring4Shell) and Spring Cloud vulnerabilities with the BIG-IP system
You should consider using this procedure under the following condition:
Description
You can use the BIG-IP system to mitigate the impact of the Spring4Shell and Spring Cloud vulnerabilities in your infrastructure. For more information about these vulnerabilities, refer to K11510688: Spring Framework (Spring4Shell) and Spring Cloud vulnerabilities CVE-2022-22965, CVE-2022....
Prerequisites
You must meet the following prerequisite to use this procedure:
- To use the BIG-IP ASM/Advanced WAF mitigation, your BIG-IP system must be licensed and provisioned for the BIG-IP ASM/Advanced WAF module.
Spring Framework RCE (Spring4Shell): CVE-2022-22965
Spring Framework DoS: CVE-2022-22950
Spring Cloud RCE: CVE-2022-22963
Impact
For products with None in the Versions known to be vulnerable column, there is no impact.
For products with ** in the various columns, F5 is still researching the issue and will update this article after confirming the required information. F5 Support has no additional information about this issue.
AskF5 Article: Spring Framework (Spring4Shell) and Spring Cloud vulnerabilities CVE-2022-22965, CVE-2022-22950, and...
F5 Labs Article: What Are The Spring4Shell Vulnerabilities?
ps