Support
Three stacked parallel lines iconLetter x

April 1, 2022

Edgecast Response to the Spring4Shell Vulnerability

Edgecast is aware of the latest CVE-2022-22965 (also known as “Spring4Shell”) and CVE-2022-22963. Our review demonstrates the generic Remote Code Execution (RCE) rules (noted below) in our Managed WAF Rules Edgecast Ruleset (ECRS). These provide protection when enabled together.

Rule ID:

944130 Suspicious Java class detected
944100 Remote Command Execution: Suspicious Java class detected
944110 Remote Command Execution: Java process spawn (CVE-2017-9805)
944250 Remote Command Execution: Suspicious Java method detected
932110 Remote Command Execution: Windows Command Injection
933160 PHP Injection Attack: High-Risk PHP Function Call Found

The above rules should provide sufficient coverage when used with an anomaly threshold of under 10. Please make sure you opt-in to an auto-update for the Edgecast Ruleset (ECRS). Our WAF also provides Custom Rules if you need to create custom filters providing additional coverage to address specific corner cases.  

Please contact us if you need additional security assistance reviewing your current security configurations setup. Edgecast provides various managed security services to assist you with your use case. If you are subscribed to Edgecast Managed Cloud Security (MCS) services, our security support team can help you develop custom rules. If you have any questions regarding our managed security services, please reach out to your account manager.

Stay connected and subscribe to our RSS feed.

Contact us
Sales

Call us at

arrow
+1 (877) 334-3236
Support

Manage your account or get tools and information.

More info