medium
ALB HTTP request smuggling
Published Fri, Oct 4th, 2019
Platforms
Summary
ALBs were found to be vulnerable to HTTP request smuggling (desync attack).
Affected Services
ALB
Remediation
Configure the setting on your ALBs (see the load balancer attributes documentation under References).
Tracked CVEs
No tracked CVEs
References
https://twitter.com/arkadiyt/status/1180174359840862209
https://docs.aws.amazon.com/elasticloadbalancing/latest/application/application-load-balancers.html#load-balancer-attributes
Contributed by
https://github.com/0xdabbad00
Entry Status
Finalized
Disclosure Date
Fri, Oct 4th, 2019
Exploitability Period
-
Known ITW Exploitation
-
Detection Methods
-
Piercing Index Rating
-
Discovered by
James Kettle (Portswigger), Arkadiy Tetelman (Chime)