medium

Azure Front Door client-side desync

Published Tue, Jun 27th, 2023
Platforms

Summary

A client-side desync vulnerability was discovered in Front Door, one of Azure's CDN solutions, caused by mishandling of the 'Content-Length' header in HTTP requests. Exploiting this vulnerability would most likely require user interaction through social engineering (such as clicking on a malicious link), but could allow an attacker to steal session cookies or forge responses to victim requests.

Affected Services

Azure Front Door

Remediation

-

Tracked CVEs

No tracked CVEs

References

Entry Status
Finalized
Disclosure Date
Mon, May 8th, 2023
Exploitability Period
-
Known ITW Exploitation
-
Detection Methods
-
Piercing Index Rating
-
Discovered by
Jeti