medium

AWS WAF configuration allows SQL injection

Published Sun, Oct 3rd, 2021

Platforms

Summary

AWS WAF using the Core Rules set allowed SQL injection. In AWS WAF only the first 8 KB (8,192 bytes) of the request body are forwarded to AWS WAF for inspection, but AWS Managed rules allowed requests up to 10 KB. An attacker could send a request larger than 8 KB but smaller than 10 KB, with a malicious payload located after the first 8,192 bytes, and thereby pass the WAFs inspection. To fix this issue, AWS reduced the request size limit to 8 KB.

Affected Services

AWS WAF

Remediation

None required

Tracked CVEs

No tracked CVEs

References

https://osamaelnaggar.com/blog/aws_waf_dangerous_defaults/https://docs.aws.amazon.com/waf/latest/developerguide/aws-managed-rule-groups-changelog.html

Contributed by https://github.com/mer-b

Disclosure Date

Fri, Sep 3rd, 2021

Exploitablity Period

Known ITW Exploitation

Detection Methods

Piercing Index Rating

Discovered by

Osama Elnaggar

More vulnerabilities...

low

Azure AD Seamless SSO logging bypass

Azure Active Directory Seamless Single Sign-On feature allowed single-factor brute-force attacks against Azure AD without generating sign-in events in the targeted organization’s tenant.

Secureworks

Wed, Sep 29th, 2021

low

Exfiltrate data via the logs of GCP Org policy

Upon blocking a request, GCP Org policy constraints were logging the deny logs in Principal''s project and the blocking project. An attacker could use those logs to exfiltrate any data, by making r...

Jonathan Rault, TrustOnCloud

Wed, Sep 22nd, 2021

high

AWS Workspace client RCE

If a user with AWS WorkSpaces 3.0.10-3.1.8 installed visits a page in their web browser with attacker controlled content, the attacker can get zero click RCE under common circumstances.

David Yesland, Rhino Security

Tue, Sep 21st, 2021

View all