low

AWS API Gateway HTTP header smuggling

Published Wed, Nov 10th, 2021
Platforms

Summary

A flaw in AWS API Gateway made it possible to hide HTTP request headers. Tampering with the visibility of HTTP requests in this way enabled bypassing IP restrictions, cache poisoning, and request smuggling.

Affected Services

API Gateway

Remediation

None required

Tracked CVEs

No tracked CVEs

References

Disclosure Date
Wed, Nov 10th, 2021
Exploitability Period
-
Known ITW Exploitation
-
Detection Methods
-
Discovered by
Daniel Thatcher, Intruder