A vulnerability (CVE-2023-50969) has been identified in Imperva's SecureSphere WAF that allows WAF rules to be bypassed on POST requests. By sending multiple invalid Content-Encoding headers and discarded parameters, attackers can deceive the WAF into misinterpreting the request data. The discovery was made by Hoya Haxa. An in-depth technical analysis and mitigation strategies are expected to be provided in a blog post.
For more details, check out the original tweet here: https://twitter.com/__kokmt/status/1774760569549345098
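As a detection aid for the header pattern described above, the following added example (not code from Imperva or from the researcher) flags POST requests that repeat Content-Encoding or carry an unrecognised coding, so they can be rejected or escalated before reaching the application. The function names, the `KNOWN_CODINGS` allow-list and the sample requests are assumptions constructed for illustration.

```python
# Added example: flag POST requests whose Content-Encoding headers are
# repeated or carry unrecognised codings. Sample requests are constructed.
KNOWN_CODINGS = {"gzip", "x-gzip", "deflate", "compress", "x-compress",
                 "br", "zstd", "identity"}  # assumption: codings the backend accepts


def parse_request_head(raw: bytes):
    """Return (method, [(lowercased name, value), ...]) from a raw HTTP/1.x request."""
    head = raw.split(b"\r\n\r\n", 1)[0].decode("iso-8859-1")
    lines = head.split("\r\n")
    method = lines[0].split(" ", 1)[0].upper()
    headers = []
    for line in lines[1:]:
        name, sep, value = line.partition(":")
        if sep:
            headers.append((name.strip().lower(), value.strip()))
    return method, headers


def content_encoding_findings(raw: bytes):
    """List reasons a POST request should be blocked or escalated for review."""
    method, headers = parse_request_head(raw)
    if method != "POST":
        return []
    values = [v for n, v in headers if n == "content-encoding"]
    findings = []
    if len(values) > 1:
        findings.append(f"repeated Content-Encoding header ({len(values)} occurrences)")
    for value in values:
        for coding in (c.strip().lower() for c in value.split(",")):
            if coding not in KNOWN_CODINGS:
                findings.append(f"unrecognised content coding: {coding!r}")
    return findings


# Constructed samples: one ordinary form POST, one with two invalid codings.
NORMAL = (b"POST /login HTTP/1.1\r\nHost: app.example\r\n"
          b"Content-Type: application/x-www-form-urlencoded\r\n"
          b"Content-Length: 9\r\n\r\nuser=test")
SUSPECT = (b"POST /login HTTP/1.1\r\nHost: app.example\r\n"
           b"Content-Encoding: not-a-coding\r\nContent-Encoding: also-invalid\r\n"
           b"Content-Type: application/x-www-form-urlencoded\r\n"
           b"Content-Length: 9\r\n\r\nuser=test")

if __name__ == "__main__":
    for label, req in (("normal", NORMAL), ("suspect", SUSPECT)):
        print(label, content_encoding_findings(req))
```

The same two conditions (header count greater than one, coding outside the allow-list) can be expressed as a reverse-proxy rule or a log query if the request headers are captured there.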