News
Protection against Log4j RCE vulnerability in WafCharm and Managed Rules
We would like to describe the current support status of WafCharm and CSC Managed Rules for AWS WAF to the Log4j RCE vulnerability (CVE-2021-44228).
WafCharm
We started to provide customization for Log4j RCE on Friday, December 10th.
We started distributing the correspondence rule to all users from Wednesday, December 14th, and finished at all.
We are continuously updating the rules to adopt new bypass patterns.
# AWS v2
The correspondence rule has been added to the default rules.
# AWS v1
Any correspondence rules have not been added to the default rules.
We recommend using WafCharm combined with our Managed Rule (Cyber Security Cloud Managed Rules for AWS WAF Classic -OWASP Set-).
#Azure
The correspondence rule has been added to the default rules.
#GCP
The correspondence rule has been added to the default rules.
CSC Managed Rules for AWS WAF
We distributed the correspondence rule at the default rules to all of the following Managed Rule Sets on Saturday, December 11th.
We are continuously updating the rules to adopt new bypass patterns.
Cyber Security Cloud Managed Rules for AWS WAF -High Security OWASP Set-
Cyber Security Cloud Managed Rules for AWS WAF -API Gateway / Serverless-
Cyber Security Cloud Managed Rules for AWS WAF Classic -OWASP Set-