The tweet discusses a widespread misconfiguration that impacts major WAF vendors such as Akamai, Cloudflare, Fastly, and Imperva, leading to detection evasion and information leakage. Zafran claims that this misconfiguration affects a significant portion of the world's web applications, which are protected by these vendors. The issue is related to architectural flaws in the integration of WAF and CDN, specifically origin leaks. It poses a serious security risk and highlights the importance of addressing configuration weaknesses in WAF and CDN setups.
For more details, check out the original tweet here: https://twitter.com/__kokumoto/status/1866811996181762141