Keep up with the latest cybersecurity threats, newly discovered vulnerabilities, data breach information, and emerging trends. Delivered daily or weekly right to your email inbox.
Researcher Bypasses Akamai WAFResearcher Bypasses Akamai WAF
Patched several months ago, researcher reports how they used Spring Boot to sneak past Akamai's firewall and remotely execute code.
1 Min Read
Source: Ronstik via Alamy Stock Photo
Akamai's Web application firewall (WAF) is intended to fend off potential attacks like distributed denial-of-service (DDoS), but a researcher discovered a way to bypass its protections by using complex payloads to confuse its rules.
The researcher, known as Peter H., along with Usman Mansha, said Akamai has since patched against the vulnerability, which was not assigned a CVE number. In the write-up, Peter H. explained how he used a vulnerable version of Spring Boot to bypass WAF protections.
"We ended up able to bypass Akamai WAF and achieve Remote Code Execution (P1) using Spring Expression Language injection on an application running Spring Boot," the GitHub explanation of the Akamai WAF RCE find explained. "This was the 2nd RCE via SSTI we found on this program, after the 1st one, the program implemented a WAF which we were able to bypass in a different part of the application."
About the Author
You May Also Like
More Insights
Webinars
Securing the Remote Workforce
Feb 20, 2025Emerging Technologies and Their Impact on CISO Strategies
Feb 25, 2025How CISOs Navigate the Regulatory and Compliance Maze
Feb 26, 2025Where Does Outsourcing Make Sense for Your Organization?
Feb 27, 2025Shift Left: Integrating Security into the Software Development Lifecycle
Mar 5, 2025
_vska_Alamy_.jpg?width=700&auto=webp&quality=80&disable=upscale)