medium

ALB HTTP request smuggling

Published Fri, Oct 4th, 2019
Platforms

Summary

ALBs found vulnerable to HTTP request smuggling (desync attack).

Affected Services

ALB

Remediation

Configure setting on your ALBs

Tracked CVEs

No tracked CVEs

References

Disclosure Date
Fri, Oct 4th, 2019
Exploitablity Period
-
Known ITW Exploitation
-
Detection Methods
-
Discovered by
James Kettle (Portswigger), Arkadiy Tetelman (Chime), null