Technical Forum
Ask questions. Discover Answers.
Showing results for 
Search instead for 
Did you mean: 
Custom Alert Banner

Where to view F5SIRT security advisories?


What is the URL for F5 responses to security advisories? Both for CVE pertaining to vulnerabilities on F5 products and regarding protections added to the likes of Advanced WAF? For example, if a CVE is published and an F5 threat protection product such as Advanced WAF offers protection in version ABC, where can i search for that?



I beleive you are looking this page.

Community Manager
Community Manager

Hi @Jim_M  - you can sign up for security alerts at

We'll also have a banned banner up across DevCentral for CVEs, with a link to mitigation strategies - but for the most complete notifications, make sure to sign up at the Preference Center. 


There really isn't a single answer to this:

You can check MyF5 for new SecurityAdvisories:

You can also create an RSS feed to monitor this on an ongoing basis.

For first-party security advisories (the type of thing F5 discloses in our QSNs), you can subscribe to 'F5 Security Announcements' here

For attack signature updates you can subscribe to 'F5 Security Operations Notifications' on the same page.  But you're better off using the automatic update/notification in the product than the email for this.

Note that there is very often no one-to-one mapping between WAF rules and a given CVE.  You may have one rule that addresses may CVEs, or multiple rules that handle different aspects of one CVE, etc.  It is very, very common that when a new CVE comes out there are already existing rules that block it - so nothing new is published.  The long and short of that is there is no 'index' where you can look up a CVE and say 'these rules block this CVE'.  There just isn't any exhaustive mapping, even internally.

There may be a rule that mentions a given CVE, but just because a CVE is *not* mentioned doesn't mean the WAF can't block it.  More often than not it can - it is just one of the basic WAF rules that blocks a whole family of vulns that does it.