Follow

F5 Silverline - Security Advisory - Atlassian Confluence RCE CVE-2022-26134

Dear Silverline WAF Customers,

 

On June 2, 2022 Atlassian disclosed a critical Remote Code Execution (RCE) vulnerability in its Confluence product, designated CVE-2022-26134.   The vulnerability is being actively exploited in the wild with POC exploits being publicly available.

 

Silverline WAF customers are protected against CVE-2022-26134 with several layers of existing signatures and mitigating controls:

  • Signature ID 200004474 provides protection against generic URI-based Java code injection
  • Signature IDs 200004564, 200004565, 200104761 provide protection against previously disclosed Confluence vulnerabilities for template injection and OGNL injection.
  • Server Side Code Injection signatures protect against injection of malicious code into vulnerable JSP gadgets including those seen in known exploit vectors
  • Malicious payloads such as command-injection and webshells will be detected by existing signatures

 

F5 Silverline threat research teams are actively monitoring the situation and will tune/adjust protections accordingly.

 

The Silverline network infrastructure is not exposed to this vulnerability.

 

More information can be found at https://support.f5.com/csp/article/K01204888.

 

If you have any questions, please reach out to the Silverline SOC at +1 866 329 4253.

Was this article helpful?
0 out of 0 found this helpful
Have more questions? Submit a request