WAFFLED is a newly disclosed technique that targets major Web Application Firewalls (WAFs), including AWS WAF, Azure WAF, Google Cloud Armor, Cloudflare, and ModSecurity. It exploits differences between how a WAF parses an incoming request and how the backend application parses the same request: when the two disagree, an attacker can craft a payload that the WAF's filters do not recognise but the application still interprets as intended, so traffic that should have been blocked reaches the application. Because the root cause is the inconsistency between WAF parsing logic and application parsing logic rather than a flaw in any one product, the same bypass class affects multiple WAF vendors, which makes WAFFLED a significant universal bypass threat. Organizations using these WAFs should review their configurations and consider additional defenses to mitigate the risk.
Original tweet: https://twitter.com/The_Cyber_News/status/1946186692790272217
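As an added illustration of the parsing-discrepancy problem described above (this is not code from the WAFFLED research or from any WAF vendor), the following backend-side check refuses form bodies that a strict and a lenient `application/x-www-form-urlencoded` parser could read differently, so the application only acts on input it interprets the same way a filter would. The ambiguity classes it checks (duplicate keys, `;` as an alternative separator, malformed percent-escapes, non-UTF-8 bytes) and the sample bodies are assumptions chosen to demonstrate the concept, not the specific discrepancies the researchers used.

```python
import re
from typing import Optional
from urllib.parse import unquote_to_bytes

_VALID_ESCAPE = re.compile(r"%[0-9A-Fa-f]{2}")


def _decode(token: str) -> Optional[str]:
    """Decode one key or value, or return None if parsers could disagree on it."""
    # A '%' not followed by two hex digits is a malformed escape: some parsers
    # keep it literally, others reject it or decode it anyway.
    if token.count("%") != len(_VALID_ESCAPE.findall(token)):
        return None
    raw = unquote_to_bytes(token.replace("+", " "))
    try:
        return raw.decode("utf-8")  # strict: invalid UTF-8 is another ambiguity
    except UnicodeDecodeError:
        return None


def analyse_form_body(body: str) -> tuple[dict, list]:
    """Parse a form body with '&' as the only separator and report every
    reason another parser might read the same bytes differently."""
    params: dict = {}
    findings: list = []
    if ";" in body:
        findings.append("';' present: some parsers also treat it as a pair separator")
    for pair in body.split("&"):
        if not pair:
            continue
        key, _, value = pair.partition("=")
        name, val = _decode(key), _decode(value)
        if name is None or val is None:
            findings.append(f"malformed escape or non-UTF-8 data in {pair!r}")
            continue
        if name in params:  # first-wins vs last-wins differs between frameworks
            findings.append(f"parameter {name!r} supplied more than once")
        params[name] = val
    return params, findings


def parse_strict(body: str) -> Optional[dict]:
    """Return the parameters only when the body has exactly one plausible reading."""
    params, findings = analyse_form_body(body)
    return None if findings else params


if __name__ == "__main__":
    # Constructed sample bodies (assumed for this illustration), not research payloads.
    for sample in ("user=alice&id=7", "id=1&id=2", "id=1;page=2", "q=%zz", "%69d=1&id=2"):
        print(repr(sample), "->", analyse_form_body(sample)[1] or "unambiguous")
```

Note that the key `%69d` decodes to `id`, so the last sample is flagged as a duplicate even though the two spellings look different before decoding.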