Researcher Bypasses Akamai WAF



Akamai’s web application firewall (WAF) is meant to fend off potential attacks such as distributed denial-of-service (DDoS), but a researcher found a way to bypass its protections by using advanced payloads to confuse its rules.

The researcher, known as Peter H., together with Usman Mansha, said Akamai has since patched the vulnerability, which was not assigned a CVE number. In the write-up, Peter H. explained how he used a vulnerable version of Spring Boot to bypass WAF protections.

“We ended up being able to bypass Akamai WAF and achieve Remote Code Execution (P1) using Spring Expression Language injection on an application running Spring Boot,” the GitHub explanation of the Akamai WAF RCE find said. “This was the 2nd RCE via SSTI we found on this program, after the first one, the program implemented a WAF which we were able to bypass in a different part of the application.”
