20-Feb-2023 00:07
What is the URL for F5 responses to security advisories? Both for CVE pertaining to vulnerabilities on F5 products and regarding protections added to the likes of Advanced WAF? For example, if a CVE is published and an F5 threat protection product such as Advanced WAF offers protection in version ABC, where can I search for that?
20-Feb-2023 00:59
I believe you are looking for this page.
27-Feb-2023 16:57 - edited 13-Mar-2023 11:38
Hi @Jim_M - you can sign up for security alerts at https://interact.f5.com/Customer-Preference-Center.html
We'll also have a banner up across DevCentral for CVEs, with a link to mitigation strategies - but for the most complete notifications, make sure to sign up at the Preference Center.
30-Nov-2023 20:43
There really isn't a single answer to this:
You can check MyF5 for new SecurityAdvisories: https://my.f5.com/manage/s/new-updated-articles#sort=%40f5_updated_published_date%20descending&f:@f5...
You can also create an RSS feed to monitor this on an ongoing basis.
For first-party security advisories (the type of thing F5 discloses in our QSNs), you can subscribe to 'F5 Security Announcements' here https://interact.f5.com/Customer-Preference-Center.html
For attack signature updates you can subscribe to 'F5 Security Operations Notifications' on the same page. But you're better off using the automatic update/notification in the product than the email for this.
Note that there is very often no one-to-one mapping between WAF rules and a given CVE. You may have one rule that addresses many CVEs, or multiple rules that handle different aspects of one CVE, etc. It is very, very common that when a new CVE comes out there are already existing rules that block it - so nothing new is published. The long and short of that is there is no 'index' where you can look up a CVE and say 'these rules block this CVE'. There just isn't any exhaustive mapping, even internally.
There may be a rule that mentions a given CVE, but just because a CVE is *not* mentioned doesn't mean the WAF can't block it. More often than not it can - it is just one of the basic WAF rules that blocks a whole family of vulns that does it.