- Can you please confirm if the current service as provided by Silverline WAF is able to protect against CVE-2020-7961?
- What mitigation is automatically in place and what actions need to be taken to enable mitigation through F5 Silverline WAF service - if any?
- Silverline Managed WAF
- Silverline WAF Express
- Yes, the Silverline WAF service can protect against CVE-2020-7961.
- The Attack Signatures WAF module will need to be in "Blocking" to protect against this CVE.
- Included in Phase 1 Blocking setup
- Included in "Blocking" for WAF Express customers
- Specifically the signatures 200004325 - "Java code injection - com.mchange.v2.c3p0.WrapperConnectionPoolDataSource (Parameter)" and 200004326 - "Java code injection - com.mchange.v2.c3p0.WrapperConnectionPoolDataSource (Header)".