Dear Silverline WAF Customers,
On June 2, 2022 Atlassian disclosed a critical Remote Code Execution (RCE) vulnerability in its Confluence product, designated CVE-2022-26134. The vulnerability is being actively exploited in the wild with POC exploits being publicly available.
Silverline WAF customers are protected against CVE-2022-26134 with several layers of existing signatures and mitigating controls:
- Signature ID 200004474 provides protection against generic URI-based Java code injection
- Signature IDs 200004564, 200004565, 200104761 provide protection against previously disclosed Confluence vulnerabilities for template injection and OGNL injection.
- Server Side Code Injection signatures protect against injection of malicious code into vulnerable JSP gadgets including those seen in known exploit vectors
- Malicious payloads such as command-injection and webshells will be detected by existing signatures
F5 Silverline threat research teams are actively monitoring the situation and will tune/adjust protections accordingly.
The Silverline network infrastructure is not exposed to this vulnerability.
More information can be found at https://support.f5.com/csp/article/K01204888.
If you have any questions, please reach out to the Silverline SOC at +1 866 329 4253.