AEM Security Vulnerability (Bypassing CDN and Dispatcher)

Hello All,

We have pretty strong dispatcher and CDN blockers restricting traffic to only the required URLs. What we noticed is that once we identify a valid content path for a site, it's pretty easy to bypass the CDN and dispatcher, eventually increasing the CPU utilization. If it's a planned dynamic-IP flood of HTTP requests with a valid URL, all such requests will reach AEM (an example scenario is given below).

Home Page - /content/site/country/language/home.html

Vulnerable URL - /content/site/country/language/home123.html (any number of such URLs can be formed and triggered from simple hacking tools)

Has anyone come across such a use case? I feel it's pretty much a key vulnerability.

The recommendation from the Core Engg team was to limit requests coming through the CDN to a specific amount and increase AEM infra.

Please share your thoughts.

Thanks

Abdul

0 Replies
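
Added example, not part of the original post: a detection sketch for the pattern described above, where many different nonexistent `.html` names under one valid content folder are requested from changing client IPs. It groups 404s by parent path per minute rather than by IP. The log format (Apache common log format), the threshold and the sample lines are assumptions constructed for illustration.

```python
import re
from collections import defaultdict

# Assumed format: Apache common log format (client, timestamp, request, status, size).
LINE = re.compile(
    r'^(\S+) \S+ \S+ \[([^:]+:\d\d:\d\d):\d\d [^\]]+\] '
    r'"(?:GET|HEAD) (\S+) [^"]*" (\d{3}) '
)

def find_miss_floods(lines, min_distinct=5):
    """Map (minute, parent_path) -> (distinct missing pages, distinct clients)
    for folders with at least min_distinct different 404 .html names in a minute."""
    leaves = defaultdict(set)
    clients = defaultdict(set)
    for line in lines:
        m = LINE.match(line)
        if not m:
            continue  # skip lines that are not in the assumed format
        ip, minute, url, status = m.groups()
        path = url.split("?", 1)[0]  # ignore query strings when grouping
        if status != "404":
            continue
        if not (path.startswith("/content/") and path.endswith(".html")):
            continue
        parent, _, leaf = path.rpartition("/")
        leaves[(minute, parent)].add(leaf)
        clients[(minute, parent)].add(ip)
    return {
        key: (len(names), len(clients[key]))
        for key, names in leaves.items()
        if len(names) >= min_distinct
    }

def sample_log():
    """Constructed sample lines: one real page hit, eight misses, one stray 404."""
    base = "/content/site/country/language"
    ts = "10/Mar/2025:12:00"
    lines = [f'198.51.100.7 - - [{ts}:01 +0000] "GET {base}/home.html HTTP/1.1" 200 5120']
    for i in range(8):
        lines.append(
            f'203.0.113.{i + 1} - - [{ts}:{10 + i:02d} +0000] '
            f'"GET {base}/home{i}.html HTTP/1.1" 404 312'
        )
    lines.append(f'198.51.100.9 - - [{ts}:30 +0000] "GET {base}/about/old.html HTTP/1.1" 404 312')
    return lines

if __name__ == "__main__":
    for (minute, parent), (pages, ips) in find_miss_floods(sample_log()).items():
        print(f"{minute} {parent}: {pages} distinct missing pages from {ips} clients")
```

Because the grouping key is the content folder and not the client address, the check still fires when every request arrives from a different IP; the flagged folder is where a CDN rate limit or a cached 404 response would have the most effect.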