{"document":{"acknowledgments":[{"urls":["https://kb.cert.org/vuls/id/722229#acknowledgements"]}],"category":"CERT/CC Vulnerability Note","csaf_version":"2.0","notes":[{"category":"summary","text":"### Overview\r\nThe Radware Cloud Web Application Firewall is vulnerable to filter bypass by multiple means. The first is via specially crafted HTTP request and the second being insufficient validation of user-supplied input when processing a special character. An attacker with knowledge of these vulnerabilities can perform additional attacks without interference from the firewall.\r\n\r\n### Description\r\nThe Radware Cloud Web Application Firewall can be bypassed by means of a crafted HTTP request. If random data is included in the HTTP request body with a HTTP GET method, WAF protections may be bypassed. It should be noted that this evasion is only possible for those requests that use the HTTP GET method.\r\n\r\nAnother way the Radware Cloud WAF can be bypassed is if an attacker adds a special character to the request. The firewall fails to filter these requests and allows for various payloads to reach the underlying web application.\r\n\r\n### Impact\r\nAn attacker with knowledge of these vulnerabilities can bypass filtering. This allows malicious inputs to reach the underlying web application.\r\n\r\n### Solution\r\nThe vulnerabilities appear to be fixed (see reference URL below). Initially Radware did not acknowledge the reporter's findings when they were first disclosed. As of June 4, 2025, Radware has reached out to the SEI and has stated that Radware acknowledges the vulnerability and appreciates the responsible disclosure. Additionally, Radware has fixed the issue and published a technical knowledge base article covering the CVE and attributing the discovery to Oriol Gegundez.\r\n\r\n### Acknowledgements\r\nThanks to Oriol Gegundez for reporting this issue. This document was written by Kevin Stephens and Ben Koo.","title":"Summary"},{"category":"legal_disclaimer","text":"THIS DOCUMENT IS PROVIDED ON AN 'AS IS' BASIS AND DOES NOT IMPLY ANY KIND OF GUARANTEE OR WARRANTY, INCLUDING THE WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR USE. YOUR USE OF THE INFORMATION ON THE DOCUMENT OR MATERIALS LINKED FROM THE DOCUMENT IS AT YOUR OWN RISK. ","title":"Legal Disclaimer"},{"category":"other","text":"CERT/CC Vulnerability Note is a limited advisory. It primarily identifies vendors impacted by the advisory and not specific products. We only support \"known_affected\" and \"known_not_affected\" status. Please consult the vendor's statements and advisory URL if provided by the vendor for more details ","title":"Limitations of Advisory"}],"publisher":{"category":"coordinator","contact_details":"Email: cert@cert.org, Phone: +1412 268 5800","issuing_authority":"CERT/CC under DHS/CISA https://www.cisa.gov/cybersecurity also see https://kb.cert.org/ ","name":"CERT/CC","namespace":"https://kb.cert.org/"},"references":[{"url":"https://certcc.github.io/certcc_disclosure_policy","summary":"CERT/CC vulnerability disclosure policy"},{"summary":"CERT/CC document released","category":"self","url":"https://kb.cert.org/vuls/id/722229"},{"url":"https://support.radware.com/app/answers/answer_view/a_id/1056102","summary":"https://support.radware.com/app/answers/answer_view/a_id/1056102"}],"title":"Radware Cloud Web Application Firewall Vulnerable to Filter Bypass","tracking":{"current_release_date":"2025-06-11T23:46:24+00:00","generator":{"engine":{"name":"VINCE","version":"3.0.35"}},"id":"VU#722229","initial_release_date":"2025-05-07 20:16:39.601252+00:00","revision_history":[{"date":"2025-06-11T23:46:24+00:00","number":"1.20250611234624.4","summary":"Released on 2025-06-11T23:46:24+00:00"}],"status":"final","version":"1.20250611234624.4"}},"vulnerabilities":[{"title":"It has been detected that it is possible to bypass WAF protections.","notes":[{"category":"summary","text":"It has been detected that it is possible to bypass WAF protections. The vulnerability exists due to insufficient validation of user-supplied input when processing NULL byte character. A remote attacker can pass specially crafted input to the application that contains a NULL byte (%00) and bypass WAF rules."}],"cve":"CVE-2024-56524","ids":[{"system_name":"CERT/CC V Identifier ","text":"VU#722229"}]},{"title":"It has been detected that it is possible to bypass WAF protections by means of a specially forged HTTP request.","notes":[{"category":"summary","text":"It has been detected that it is possible to bypass WAF protections by means of a specially forged HTTP request. If random data is included in the HTTP request body but HTTP GET method is kept, WAF protections are bypassed. It should be noted that this evasion is only possible for those requests that use the HTTP GET method."}],"cve":"CVE-2024-56523","ids":[{"system_name":"CERT/CC V Identifier ","text":"VU#722229"}]}],"product_tree":{"branches":[]}}