Forum Discussion

  • Thes two CVEs correspon to Integer Overflows, which are attacks that can not really be mitigated with AWS rules. 

    A common methon in application security for mitigating such attacks are size limits on paramters, for example.

    That said, the F5 Rules for AWS WAF - CVE group does not have rules for the CVEs in question.

    Thanks