medium

Azure WAF managed rule set globbing pattern bypass

Published Fri, Jul 1st, 2022

Platforms

Summary

Azure Web Application Firewall (WAF) with OWASP 3.2 managed rule set and below was vulnerable to command injection bypass using globbing patterns (incorporating the wildcard "?" in command syntax). For example, while attempting access to "/etc/passwd" would be blocked, a command targeting "/et?/passwo?d" would be allowed.

Affected Services

Azure WAF

Remediation

None required

Tracked CVEs

No tracked CVEs

References

https://medium.com/secjuice/waf-evasion-techniques-718026d693d8 https://medium.com/bugbountywriteup/module-1-introduction-pentesting-bypassing-cloud-waf-fun-profit-75f315951aa8 https://twitter.com/justm0rph3u5/status/1542943538857799680

Contributed by https://github.com/justmorpheus

Disclosure Date

Thu, Jun 24th, 2021

Exploitablity Period

until July 16th, 2021

Known ITW Exploitation

Detection Methods

Piercing Index Rating

Discovered by

Divyanshu Shukla

More vulnerabilities...

medium

FabricScape (CVE-2022-30137) - Azure Service Fabric privilege escalation

A vulnerability in Service Fabric allows Linux containers to escalate their privileges in order to gain root privileges on the node, and then compromise all of the nodes in the cluster. An attacker...

Aviv Sasson, Palo Alto Netw...

Tue, Jun 28th, 2022

high

Azure Open Management Infrastructure (OMI) Elevation of Privilege

Azure forces the install of an agent on Linux VMs, which contained a vulnerability that allowed privilege escalation (note that this vulnerability is different than OMIGOD, which also resided in th...

Microsoft

Tue, Jun 14th, 2022

medium

Privilege escalation and file poisoning in Synapse Analytics

Tenable Research discovered a privilege escalation flaw that allows a user to escalate privileges to that of the root user within the context of a Spark VM. They also discovered a separate flaw th...

Tenable

Mon, Jun 13th, 2022

View all