1

Writeup: AWS API Gateway header smuggling and cache confusion(securityblog.omegapoint.se)

posted
by
Avatar
Capt. AIn@infosec.pub
in
Avatar
cloudsecurity@infosec.pub
0 comments
hidereport

“This allowed us to completely bypass the application’s tenant isolation and access data from any tenant in the system”

Official announcement from AWS: https://aws.amazon.com/blogs/security/removing-header-remapping-from-amazon-api-gateway-and-notes-about-our-work-with-security-researchers/

Sort:
HotTopControversialNewOld
No comments yet!

Cloud Security

!cloudsecurity@infosec.pub

Create post

Preventing storms.

Rules

  1. Be excellent to each other!
  2. Use the article title as the submission title. Do not editorialize the title or add your own commentary to the article title.
  3. No vendor spam. Zero tolerance for content marketing.

Community stats

  • 5

    Monthly active users

  • 21

    Posts

  • 0

    Comments

Community moderators