Terraform AWS WAFv2 for Log4Shell and New Spring4Shell Remote Code Execution Protection

Terraform is a declarative configuration language and tool for describing the resources behind an Application Programming Interface (API), with the added benefit of state management and locking. In this example, we manage AWS (Amazon Web Services) resources as Infrastructure-as-Code.

Several vulnerabilities have been found in the last few days that layer onto the Log4J vulnerabilities disclosed last year. They are Log4JRCE (CVE-2021-44228, CVE-2021-45046) and Spring4ShellRCE (CVE-2022-22963, CVE-2022-22965). Log4Spring was disclosed a few days ago.

A Web Application Firewall, or WAF, is an OSI Layer 7 (Application Layer) proxy that can inspect parts of an HTTPS request and respond accordingly. A WAF lets you set rules and policies that respond to specific requests, for example to block SQL Injection (SQLi), Cross-Site Scripting (XSS) attacks, or brute-force attempts.

Remote Code Execution, or RCE, is a class of attack in which an actor can direct the operation of another asset. Depending on how your network is structured, an RCE vulnerability can lead to further devastating consequences.

With Terraform AWS WAFv2 code you can describe your protection as Policy-as-Code. These WAF rules can help stem the tide until the applications in your network can be patched. While defining Terraform AWS WAFv2 protection is useful, we recommend a defense-in-depth approach.

This example requires the use of AWS Terraform Provider 3.67.0 or greater.

ref: https://github.com/radiusmethod/aws-wafv2-log4jrce-terraform-snippet


Written By

We are in an active state of fighting an invisible war, whether we know it or not. This is what fuels me to want to help organizations understand their objectives and protect them.
