AWS WAF and mod_security Apache module were affected by a scientific notation bug discovered back in 2013 that allowed to bypass the WAF to successfully exploit a SQL injection vulnerability.