Veracode
added 2023/07/22 8:03 p.m., 27 views

Improper Access Control

org.springframework.security:spring-security-config is vulnerable to Improper Access Control. The vulnerability exists due to a lack of checks in multiple files, which allows an attacker to use "**" as a pattern in the configurations for WebFlux, creating a mismatch in pattern matching, resulting in a...

CVSS 9.8 | AI score 6.8 | EPSS 0.4929
Exploits 1 | References 4 | Affected Software 1
Github Security Blog
added 2023/07/19 3:30 p.m., 121 views

Access Control Bypass in Spring Security

Using "**" as a pattern in Spring Security configuration for WebFlux creates a mismatch in pattern matching between Spring Security and Spring WebFlux, and the potential for a security bypass...

CVSS 9.8 | AI score 8.9 | EPSS 0.4929
Exploits 1 | References 6 | Affected Software 1
ATTACKERKB
added 2023/07/19 3:15 p.m., 1 view

CVE-2023-34034

Using "**" as a pattern in Spring Security configuration for WebFlux creates a mismatch in pattern matching between Spring Security and Spring WebFlux, and the potential for a security bypass...

CVSS 9.8 | AI score 5.1 | EPSS 0.4929
Exploits 1 | References 3
OSV
added 2023/07/19 3:15 p.m., 34 views

CVE-2023-34034

Using "**" as a pattern in Spring Security configuration for WebFlux creates a mismatch in pattern matching between Spring Security and Spring WebFlux, and the potential for a security bypass...

CVSS 9.8 | AI score 7.2 | EPSS 0.4929
Exploits 1 | References 2
CVE
added 2023/07/19 2:16 p.m., 262 views

CVE-2023-34034

CVE-2023-34034 is documented in IBM security bulletins as affecting VMware Tanzu Spring Security when using "**" as a pattern in WebFlux configuration, causing a pattern-matching bypass. The IBM bulletin assigns a CVSS v3.0 base score of 9.1 (Impact: Confidentiality High, Integrity High, Availabi...

CVSS 9.8 | AI score 9.2 | EPSS 0.4929
Exploits 1 | References 2 | Affected Software 1
Vulnrichment
added 2023/07/19 2:16 p.m., 22 views

CVE-2023-34034

Using "**" as a pattern in Spring Security configuration for WebFlux creates a mismatch in pattern matching between Spring Security and Spring WebFlux, and the potential for a security bypass...

CVSS 9.1 | AI score 9.5 | EPSS 0.4929
Exploits 1 | References 2
Cvelist
added 2023/07/19 2:16 p.m., 34 views

CVE-2023-34034

Using "**" as a pattern in Spring Security configuration for WebFlux creates a mismatch in pattern matching between Spring Security and Spring WebFlux, and the potential for a security bypass...

CVSS 9.1 | AI score 9.6 | EPSS 0.4929
Exploits 1 | References 2
CNNVD
added 2023/07/19 12:00 a.m., 3 views

VMware Spring Security Security Vulnerability

VMware Spring Security is a suite of security frameworks from VMware that provides declarative security protection for Spring-based applications. A security vulnerability exists in VMware Spring Security that stems from a pattern-matching mismatch that could lead to a security...

CVSS 9.8 | AI score 7.2 | EPSS 0.4929
Exploits 1 | References 5
CNNVD
added 2023/07/18 12:00 a.m., 2 views

PCRE2 Input Validation Error Vulnerability

PCRE2 is an open-source set of C functions from the PCRE2Project that implements regular expression pattern matching with the same syntax and semantics as Perl 5. A security vulnerability exists in PCRE2 versions prior to 10.41, stemming from an integer overflow in pcre2test that allows an attacker to...

CVSS 7.5 | AI score 6.7 | EPSS 0.00049
Exploits 1 | References 3
IBM Security Bulletins
added 2023/05/29 1:35 p.m., 30 views

Security Bulletin: Vulnerability in Spring Framework affects IBM Process Mining [CVE-2023-20860]

Summary: There is a vulnerability in Spring Framework that could allow a remote authenticated attacker to bypass security restrictions. The code is used by IBM Process Mining. This bulletin identifies the security fixes to apply to address the vulnerability. CVE-2023-20860 Vulnerability Details...

CVSS 7.5 | AI score 7.3 | EPSS 0.56284
Exploits 1 | Affected Software 1
Github Security Blog
added 2023/05/23 7:54 p.m., 209 views

Administration Console authentication bypass in openfire xmppserver

An important security issue affects a range of versions of Openfire, the cross-platform real-time collaboration server based on the XMPP protocol that is created by the Ignite Realtime community. Impact: Openfire's administrative console (the Admin Console), a web-based application, was found to be...

CVSS 8.6 | AI score 7 | EPSS 0.94441
Exploits 14 | References 11 | Affected Software 1
F5 Networks
added 2023/05/08 7:57 a.m., 33 views

K000134500: Spring Framework vulnerability CVE-2023-20860

Security Advisory Description: Spring Framework running version 6.0.0 - 6.0.6 or 5.3.0 - 5.3.25 using "**" as a pattern in Spring Security configuration with the mvcRequestMatcher creates a mismatch in pattern matching between Spring Security and Spring MVC, and the potential for a security bypass...

CVSS 7.5 | AI score 6.7 | EPSS 0.56284
Exploits 1
Tenable Nessus
added 2023/05/04 12:00 a.m., 86 views

Spring Framework 5.3.x < 5.3.26 / 6.0.x < 6.0.7 Security Bypass (CVE-2023-20860)

The remote host contains a Spring Framework version that is affected by a security bypass vulnerability. Using "**" as a pattern in Spring Security configuration with the mvcRequestMatcher creates a mismatch in pattern matching between Spring Security and Spring MVC, and the potential for a security bypass...

CVSS 7.5 | AI score 6.8 | EPSS 0.56284
Exploits 1 | References 2
Github Security Blog
added 2023/04/20 9:33 p.m., 232 views

Spring Boot Security Bypass with Wildcard Pattern Matching on Cloud Foundry

In Spring Boot versions 3.0.0 - 3.0.5, 2.7.0 - 2.7.10, and older unsupported versions, an application that is deployed to Cloud Foundry could be susceptible to a security bypass. Users of affected versions should apply the following mitigation: 3.0.x users should upgrade to 3.0.6+. 2.7.x users...

CVSS 9.8 | AI score 6 | EPSS 0.00446
Exploits 0 | References 11 | Affected Software 1
CNNVD
added 2023/04/20 12:00 a.m., 3 views

Spring Framework Security Vulnerability

Spring Framework is an open-source Java / Java EE application framework from the Spring team in the United States. The framework helps developers build high-quality applications. Spring Boot has a security vulnerability that stems from a security bypass using wildcard pattern matching...

CVSS 9.8 | AI score 8 | EPSS 0.00446
Exploits 0 | References 6
Veracode
added 2023/03/30 2:11 a.m., 35 views

Security Bypass

spring-webmvc is vulnerable to Security Bypass. The vulnerability exists because using "**" as a pattern in Spring Security configuration with the mvcRequestMatcher creates a mismatch in pattern matching between Spring Security and Spring MVC, and the potential for a security bypass...

CVSS 7.5 | AI score 7.2 | EPSS 0.56284
Exploits 1 | References 4 | Affected Software 3
NVD
added 2023/03/27 10:15 p.m., 27 views

CVE-2023-20860

Spring Framework running version 6.0.0 - 6.0.6 or 5.3.0 - 5.3.25 using "**" as a pattern in Spring Security configuration with the mvcRequestMatcher creates a mismatch in pattern matching between Spring Security and Spring MVC, and the potential for a security bypass...

CVSS 7.5 | AI score 7.5 | EPSS 0.56284
Exploits 1 | References 2
Prion
added 2023/03/27 10:15 p.m., 32 views

Security feature bypass

Spring Framework running version 6.0.0 - 6.0.6 or 5.3.0 - 5.3.25 using "**" as a pattern in Spring Security configuration with the mvcRequestMatcher creates a mismatch in pattern matching between Spring Security and Spring MVC, and the potential for a security bypass...

CVSS 5 | AI score 7.4 | EPSS 0.56284
Exploits 1 | References 2 | Affected Software 1
Debian CVE
added 2023/03/27 12:00 a.m., 47 views

CVE-2023-20860

Spring Framework running version 6.0.0 - 6.0.6 or 5.3.0 - 5.3.25 using "**" as a pattern in Spring Security configuration with the mvcRequestMatcher creates a mismatch in pattern matching between Spring Security and Spring MVC, and the potential for a security bypass...

CVSS 7.5 | AI score 6.5 | EPSS 0.56284
Exploits 1
CVE
added 2023/03/27 12:00 a.m., 345 views

CVE-2023-20860

CVE-2023-20860 affects Spring Framework 6.0.0–6.0.6 and 5.3.0–5.3.25 where using ** as a pattern in Spring Security’s mvcRequestMatcher can cause a mismatch with Spring MVC pattern matching, creating a potential security bypass. Remediation: upgrade to fixed releases; IBM’s advisory notes a patch...

CVSS 7.5 | AI score 7.4 | EPSS 0.56284
Exploits 1 | References 2 | Affected Software 1