GSD-2022-1002524

Source
https://github.com/cloudsecurityalliance/gsd-database/blob/main/2022/1002xxx/GSD-2022-1002524.json
Published
2022-05-30T16:26:29.213070Z
Modified
2022-05-30T16:26:29.213070Z
Details

In Amazon Elastic Load Balancer (ELB) prior to 2022-01-29 when "Legacy cache settings" is enabled an input validation (CWE-20) vulnerability exists in the HTTP Header processing that can be attacked via the network (using a trailing space in the requests) resulting in HTTP Header Smuggling.

References

Affected packages

GSD / Elastic Load Balancer (ELB)

Elastic Load Balancer (ELB)

Affected ranges

Affected versions

Other

ELB prior to 2022-01-29 when "Legacy cache settings" is enabled