VU#722229: Radware Cloud Web Application Firewall Vulnerable to Filter Bypass
The Radware Cloud Web Application Firewall (WAF) suffers from filter bypass vulnerabilities. Attackers can bypass the WAF using specifically crafted HTTP requests, especially with the GET method. Adding random data to the GET request body can circumvent WAF protections. Another bypass method involves utilizing special characters within requests. The WAF's input validation inadequately filters these special characters. These vulnerabilities allow malicious inputs to reach the protected web application. This means attackers can launch attacks without being detected by the firewall. The reported vulnerabilities have apparently been fixed. Radware did not acknowledge the initial findings upon disclosure. Oriol Gegundez is credited for discovering and reporting the issues.