Endpoint/Device Security, Vulnerability Management

New attack evades major IT vendors’ web application firewalls

Share

Palo Alto Networks, Amazon Web Services, Cloudflare, Imperva, and F5 web application firewalls could be bypassed through a novel attack exploiting the JSON data sharing format, SecurityWeek reports. Claroty researchers who used an SQLMap open source exploitation tool discovered that major IT vendors' WAFs lacked JSON syntax support for inspecting SQL injections, enabling the concealment of the malicious SQL code from the WAFs. While JSON syntax support has already been added by all the affected vendors in response to the findings, other WAFs could still be vulnerable to the attack. "Attackers using this novel technique could access a backend database and use additional vulnerabilities and exploits to exfiltrate information via either direct access to the server or over the cloud. This is especially important for OT and IoT platforms that have moved to cloud-based management and monitoring systems. WAFs offer a promise of additional security from the cloud; an attacker able to bypass these protections has expansive access to systems," said Claroty.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms of Use and Privacy Policy.