medium

ALB HTTP request smuggling

Published Fri, Oct 4th, 2019
Platforms

Summary

ALBs found vulnerable to HTTP request smuggling (desync attack).

Affected Services

ALB

Remediation

Configure setting on your ALBs

Tracked CVEs

No tracked CVEs

References

Contributed by https://github.com/0xdabbad00
Entry Status
Finalized
Disclosure Date
Fri, Oct 4th, 2019
Exploitablity Period
-
Known ITW Exploitation
-
Detection Methods
-
Piercing Index Rating
-
Discovered by
James Kettle (Portswigger), Arkadiy Tetelman (Chime)

More vulnerabilities...

medium

ALB HTTP request smuggling

ALBs found vulnerable to HTTP request smuggling (desync attack).

James Kettle (Portswigger),...

medium

ALB HTTP request smuggling

ALBs found vulnerable to HTTP request smuggling (desync attack).

James Kettle (Portswigger),...

medium

ALB HTTP request smuggling

ALBs found vulnerable to HTTP request smuggling (desync attack).

James Kettle (Portswigger),...

View all