cloudfront-insecure-protocol: CloudFront Insecure Origin SSL Protocols

日期: 2025-08-01 | 影响软件: CloudFront | POC: 已公开

漏洞描述

Ensure that your Amazon CloudFront Content Delivery Network (CDN) distributions are not using insecure SSL protocols (i.e. SSLv3) for HTTPS communication between CloudFront edge locations and custom origins.

PoC代码[已公开]

id: cloudfront-insecure-protocol

info:
  name: CloudFront Insecure Origin SSL Protocols
  author: DhiyaneshDK
  severity: medium
  description: |
    Ensure that your Amazon CloudFront Content Delivery Network (CDN) distributions are not using insecure SSL protocols (i.e. SSLv3) for HTTPS communication between CloudFront edge locations and custom origins.
  impact: |
    Insecure SSL protocols for CloudFront origins can expose sensitive data to interception and compromise, increasing the risk of man-in-the-middle attacks.
  remediation: |
    Configure your CloudFront distribution to enforce the use of secure SSL/TLS protocols (TLS 1.2 or higher) for all origins and disable support for outdated protocols like SSLv3 and TLS 1.0/1.1.
  reference:
    - https://www.trendmicro.com/cloudoneconformity-staging/knowledge-base/aws/CloudFront/cloudfront-insecure-origin-ssl-protocols.html
    - http://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/SecureConnections.html
  tags: cloud,devops,aws,amazon,cloudfront,aws-cloud-config

variables:
  region: "us-west-2"

flow: |
  code(1)
  for(let DistributionListItemsId of iterate(template.distributions)){
    set("distribution", DistributionListItemsId)
    code(2)
  }

self-contained: true

code:
  - engine:
      - sh
      - bash

    source: |
      aws cloudfront list-distributions --output table --query 'DistributionList.Items[*].Id' --region $region --output json

    extractors:
      - type: json
        name: distributions
        internal: true
        json:
          - '.[]'

  - engine:
      - sh
      - bash

    source: |
        aws cloudfront get-distribution --id $distribution --query 'Distribution.DistributionConfig.Origins.Items[*].CustomOriginConfig.OriginSslProtocols.Items | []' --region $region --output json

    matchers:
      - type: word
        words:
          - "SSLv3"

    extractors:
      - type: dsl
        dsl:
          - '"CloudFront Uses SSLv3 Protocol in" + distribution'
# digest: 490a0046304402203f82a403b2d5299d4e40fe21ec8d29df8dca63b594e26c055fb1aea9e3b183e9022070d55cd893d231f70803f0755dfbf169c2917ea01d600a785c3b5e5e4277a9ae:922c64590222798bb761d5b6d8e72950
来源: https://github.com/projectdiscovery/nuclei-templates/blob/main/./cloud/aws/cloudfront/cloudfront-insecure-protocol.yaml

相关漏洞推荐