by 0vermorrow
2436 days ago
So after the authors disclosed this issue to AWS it was fixed and CloudFront no longer caches 400 Bad Request by default, also from the paper linked on the website [0]:

"""
Amazon Web Services (AWS). We reported this issue to the AWS-Security team. They
confirmed the vulnerabilities on CloudFront. The AWS-Security team stopped
caching error pages with the status code 400 Bad Request by default. However,
they took over three months to fix our CPDoS reportings. Unfortunately, the
overall disclosure process was characterized by a one-way communication. We
periodically asked for the current state, without getting much information back
from the AWS-Security team. They never contacted us to keep us up to date with
the current process.
"""

[0] - https://cpdos.org/paper/Your_Cache_Has_Fallen__Cache_Poisone...