Mitigating Recently Disclosed Code Execution Vulnerability In Apache Druid Using Advanced WAF
Recently a new deserialization gadget was published that may lead to arbitrary code execution when deserialized by sending an HTTP request containing crafted JSON data in the request body.
Figure 1: Attack vector example
Mitigating the vulnerability with Advanced WAF
Advanced WAF customers under any supported version are already protected against this vulnerability. The exploitation attempt will be detected by existing Java code injection attack signatures which can be found in signature sets that include the “Server Side Code Injection” attack type.
Figure 2: Exploit blocked with attack signature 200003437