A WAF bypass that uses headers has been discovered, allowing attackers to evade Web Application Firewalls. The technique can also be leveraged for password reset poisoning attacks. Organizations using any WAF are at risk from this bypass method. For more technical details and mitigation strategies, read the full blog post.
Original tweet: https://twitter.com/majix_de/status/1797522668775964815