# CVE-2022-22978: Spring Security Authorization Bypass in RegexRequestMatcher

In Spring Security 5.5.6, 5.6.3 and older unsupported versions, RegexRequestMatcher can easily be misconfigured so that it is bypassed on some servlet containers.

Applications that use RegexRequestMatcher with `.` in the regular expression are potentially vulnerable to an authorization bypass: in java.util.regex, `.` does not match line terminators unless the pattern is compiled with DOTALL, so a request path that contains one is not matched by a rule such as `/admin/.*` and the protected handler can be reached without the authorization check.

References:

## Vulnerability Environment

After the server has started, browse to http://your-ip:8080/admin and confirm that access to the admin page is blocked.

## Vulnerability Reproduce

Send the following request to access the admin page:
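The mechanism behind this bypass can be seen without a servlet container at all. The following is an added example (not code from the original page or from Spring Security): it uses plain java.util.regex to mimic what RegexRequestMatcher does, a full `matches()` of the configured pattern against the decoded request path, and compares the weak rule `/admin/.*` with the same rule compiled with `Pattern.DOTALL`. The sample paths, the class name and the helper names are constructed for the demonstration; whether a path containing a line terminator actually reaches the `/admin` handler depends on the container and its URL decoding, which is why the advisory limits the impact to "some servlet containers".

```java
import java.util.ArrayList;
import java.util.List;
import java.util.regex.Pattern;

/**
 * Demonstrates the root cause of CVE-2022-22978 with java.util.regex only.
 * With the default flags, "." does not match line terminators (LF, CR,
 * U+0085, U+2028, U+2029), so a rule like "/admin/.*" fails to match a path
 * that carries one of them and the request is treated as unprotected.
 * Requires Java 9+ (List.of).
 */
public class RegexMatcherBypassDemo {

    /** Weak rule: "." silently stops at line terminators. */
    static final Pattern WEAK = Pattern.compile("/admin/.*");

    /** Hardened rule: DOTALL makes "." match every character, line terminators included. */
    static final Pattern HARDENED = Pattern.compile("/admin/.*", Pattern.DOTALL);

    /** Mirrors RegexRequestMatcher's check: the whole decoded path must match the rule. */
    static boolean isProtected(Pattern rule, String decodedPath) {
        return rule.matcher(decodedPath).matches();
    }

    /** Returns the paths the rule does not cover, i.e. the bypass candidates. */
    static List<String> unprotectedPaths(Pattern rule, List<String> paths) {
        List<String> unprotected = new ArrayList<>();
        for (String p : paths) {
            if (!isProtected(rule, p)) {
                unprotected.add(p);
            }
        }
        return unprotected;
    }

    /** Renders line terminators as \\uXXXX so they are visible in the output. */
    static String show(String path) {
        StringBuilder sb = new StringBuilder();
        for (char c : path.toCharArray()) {
            if (c == '\n' || c == '\r' || c == '\u0085' || c == '\u2028' || c == '\u2029') {
                sb.append(String.format("\\u%04x", (int) c));
            } else {
                sb.append(c);
            }
        }
        return sb.toString();
    }

    public static void main(String[] args) {
        // Constructed sample paths, already percent-decoded the way a container
        // would hand them to the matcher. The first two are ordinary admin paths;
        // each of the others carries a line terminator somewhere after "/admin/".
        List<String> paths = List.of(
            "/admin/",
            "/admin/users",
            "/admin/\n",
            "/admin/users\r",
            "/admin/\u2028users"
        );

        System.out.println("path                  weak   hardened");
        for (String p : paths) {
            System.out.printf("%-21s %-6b %-6b%n",
                    show(p), isProtected(WEAK, p), isProtected(HARDENED, p));
        }

        System.out.print("bypass candidates under the weak rule:");
        for (String p : unprotectedPaths(WEAK, paths)) {
            System.out.print(" " + show(p));
        }
        System.out.println();
        System.out.println("bypass candidates under the hardened rule: "
                + unprotectedPaths(HARDENED, paths).size());
    }
}
```

Under the weak rule the three paths with a line terminator are reported as unprotected, while the DOTALL variant covers all five. The DOTALL flag is shown here to make the mechanism visible; in an application the remedy is to upgrade to a fixed Spring Security release (5.5.7 or 5.6.4) or to express the rule with `antMatchers`/`mvcMatchers` instead of a regular expression that relies on `.` spanning arbitrary characters.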

  • Published: 2024-07-12 18:51:19
  • Views: 2647
  • Category: Development frameworks
  • Author: 带头大哥
