this post was submitted on 16 Jun 2023
2 points (100.0% liked)

Cloud Security

693 readers
1 users here now

Preventing storms.

Rules

  1. Be excellent to each other!
  2. Use the article title as the submission title. Do not editorialize the title or add your own commentary to the article title.
  3. No vendor spam. Zero tolerance for content marketing.

founded 1 year ago
MODERATORS
0xCBE@infosec.pub
2
Writeup: AWS API Gateway header smuggling and cache confusion (securityblog.omegapoint.se)
submitted 1 year ago by Captain@infosec.pub to c/cloudsecurity@infosec.pub
0 comments fedilink hide all child comments
 

"This allowed us to completely bypass the application’s tenant isolation and access data from any tenant in the system"

Official announcement from AWS: https://aws.amazon.com/blogs/security/removing-header-remapping-from-amazon-api-gateway-and-notes-about-our-work-with-security-researchers/

no comments (yet)
sorted by: hot top controversial new old
there doesn't seem to be anything here