Akamai WAF bypassed via Spring Boot to trigger RCE


UPDATED A researcher has revealed a method that might potentially provide remote code execution by getting through Spring Boot-based Akamai web application firewalls. The WAF from Akamai, which was fixed a few months ago, was created to reduce the danger of DDOS assaults and use adaptive technology to thwart known online security risks.

The assault, according to security researcher Peter M, also known by the alias “pmnh,” leveraged Spring Expression Language injection. The bug bounty hunter engaged a private Bugcrowd programme, and with the help of Synack pentester Usman Mansha, discovered the bypass.

Read More…