Skip to content
Nuclei Templates

CloudFront Insecure Origin SSL Protocols

ID: cloudfront-insecure-protocol

Severity: medium

Author: DhiyaneshDK

Tags: cloud,devops,aws,amazon,cloudfront,aws-cloud-config

Description

Section titled “Description”

Ensure that your Amazon CloudFront Content Delivery Network (CDN) distributions are not using insecure SSL protocols (i.e. SSLv3) for HTTPS communication between CloudFront edge locations and custom origins.

YAML Source

Section titled “YAML Source”
id: cloudfront-insecure-protocol


info:
  name: CloudFront Insecure Origin SSL Protocols
  author: DhiyaneshDK
  severity: medium
  description: |
    Ensure that your Amazon CloudFront Content Delivery Network (CDN) distributions are not using insecure SSL protocols (i.e. SSLv3) for HTTPS communication between CloudFront edge locations and custom origins.
  impact: |
    Insecure SSL protocols for CloudFront origins can expose sensitive data to interception and compromise, increasing the risk of man-in-the-middle attacks.
  remediation: |
    Configure your CloudFront distribution to enforce the use of secure SSL/TLS protocols (TLS 1.2 or higher) for all origins and disable support for outdated protocols like SSLv3 and TLS 1.0/1.1.
  reference:
    - https://www.trendmicro.com/cloudoneconformity-staging/knowledge-base/aws/CloudFront/cloudfront-insecure-origin-ssl-protocols.html
    - http://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/SecureConnections.html
  tags: cloud,devops,aws,amazon,cloudfront,aws-cloud-config


variables:
  region: "us-west-2"


flow: |
  code(1)
  for(let DistributionListItemsId of iterate(template.distributions)){
    set("distribution", DistributionListItemsId)
    code(2)
  }


self-contained: true


code:
  - engine:
      - sh
      - bash


    source: |
      aws cloudfront list-distributions --output table --query 'DistributionList.Items[*].Id' --region $region --output json


    extractors:
      - type: json
        name: distributions
        internal: true
        json:
          - '.[]'


  - engine:
      - sh
      - bash


    source: |
        aws cloudfront get-distribution --id $distribution --query 'Distribution.DistributionConfig.Origins.Items[*].CustomOriginConfig.OriginSslProtocols.Items | []' --region $region --output json


    matchers:
      - type: word
        words:
          - "SSLv3"


    extractors:
      - type: dsl
        dsl:
          - '"CloudFront Uses SSLv3 Protocol in" + distribution'
# digest: 490a0046304402203f82a403b2d5299d4e40fe21ec8d29df8dca63b594e26c055fb1aea9e3b183e9022070d55cd893d231f70803f0755dfbf169c2917ea01d600a785c3b5e5e4277a9ae:922c64590222798bb761d5b6d8e72950

Guide to check the vulnerabilities

Section titled “Guide to check the vulnerabilities”

This template is used to detect vulnerabilities in web applications. It can be used with the Nuclei tool to scan for specific patterns or behaviors.

Terminal window
$ nuclei -u "URL" -t "cloud/aws/cloudfront/cloudfront-insecure-protocol.yaml"

View on Github