medium

ALB HTTP request smuggling

Published Fri, Oct 4th, 2019

Platforms

Summary

ALBs found vulnerable to HTTP request smuggling (desync attack).

Affected Services

ALB

Remediation

Configure setting on your ALBs

Tracked CVEs

No tracked CVEs

References

https://twitter.com/arkadiyt/status/1180174359840862209 https://docs.aws.amazon.com/elasticloadbalancing/latest/application/application-load-balancers.html#load-balancer-attributes

Contributed by https://github.com/0xdabbad00

Entry Status

Finalized

Disclosure Date

Fri, Oct 4th, 2019

Exploitablity Period

Known ITW Exploitation

Detection Methods

Piercing Index Rating

Discovered by

James Kettle (Portswigger), Arkadiy Tetelman (Chime)

More vulnerabilities...

high

Google App Engine RCE Worth $36k

Researcher discovered access to non-production Google App Engine environments and internal APIs. This allowed configuring internal settings like Service Account IDs and quotas. Google considered it...

Ezequiel Pereira

Sat, Aug 31st, 2019

medium

AWS IAM role credential exfiltration via EC2 Instance Metadata Service (IMDSv1)

AWS offers a metadata service accessible to most EC2 Instances via a simple GET request to 169.254.169.254. If an instance has an SSRF vulnerability, attackers can access the metadata service & exf...

Sun, Aug 4th, 2019

high

IAM privilege escalation via undocumented CodeStar API

The AWS CodeStar service had an undocumented API (codestar:CreateProjectFromTemplate) that allowed users with broadly-scoped CodeStar permissions to create a CodeStar project. As part of the creati...

Spencer Gietzen, Rhino Secu...

Tue, Jun 18th, 2019

View all