Lucene search
K

216 matches found

F5 Networks
F5 Networks
added 2023/05/08 7:57 a.m.38 views

K000134500: Spring Framework vulnerability CVE-2023-20860

Security Advisory Description Spring Framework running version 6.0.0 - 6.0.6 or 5.3.0 - 5.3.25 using "" as a pattern in Spring Security configuration with the mvcRequestMatcher creates a mismatch in pattern matching between Spring Security and Spring MVC, and the potential for a security bypass...

7.5CVSS6.7AI score0.03514EPSS
Exploits1
Tenable Nessus
Tenable Nessus
added 2023/05/04 12:0 a.m.89 views

Spring Framework 5.3.x < 5.3.26 / 6.0.x < 6.0.7 Security Bypass (CVE-2023-20860)

The remote host contains a Spring Framework version is affected by a security bypass vulnerability. Using as a pattern in Spring Security configuration with the mvcRequestMatcher creates a mismatch in pattern matching between Spring Security and Spring MVC, and the potential for a security bypass...

7.5CVSS6.8AI score0.03514EPSS
Exploits1References2
Github Security Blog
Github Security Blog
added 2023/04/20 9:33 p.m.245 views

Spring Boot Security Bypass with Wildcard Pattern Matching on Cloud Foundry

In Spring Boot versions 3.0.0 - 3.0.5, 2.7.0 - 2.7.10, and older unsupported versions, an application that is deployed to Cloud Foundry could be susceptible to a security bypass. Users of affected versions should apply the following mitigation: 3.0.x users should upgrade to 3.0.6+. 2.7.x users...

9.8CVSS6AI score0.01122EPSS
Exploits0References11Affected Software1
CNNVD
CNNVD
added 2023/04/20 12:0 a.m.23 views

Spring Framework 安全漏洞

Spring Framework is the U.S. Spring team of a set of open source Java, JavaEE application framework. The framework helps developers build high-quality applications. Spring Boot has a security vulnerability that stems from a security bypass using wildcard pattern matching...

9.8CVSS8AI score0.01122EPSS
Exploits0References6
Spring Security Advisories
Spring Security Advisories
added 2023/04/20 12:0 a.m.5 views

Security Bypass With Wildcard Pattern Matching on Cloud Foundry

In Spring Boot versions 3.0.0 - 3.0.5, 2.7.0 - 2.7.10, 2.6.0 - 2.6.14, 2.5.0 - 2.5.14 and older unsupported versions, an application that is deployed to Cloud Foundry could be susceptible to a security bypass. Specifically, an application is vulnerable when all of the following are true: NOTE:...

9.8CVSS7.3AI score0.01122EPSS
Exploits0
Veracode
Veracode
added 2023/03/30 2:11 a.m.37 views

Security Bypass

spring-webmvc is vulnerable to Security Bypass. The vulnerability exists because using "" as a pattern in spring security configuration with the mvcRequestMatcher which creates a mismatch in pattern matching between Spring Security and Spring MVC and the potential for a security bypass...

7.5CVSS7.2AI score0.03514EPSS
Exploits1References4Affected Software3
NVD
NVD
added 2023/03/27 10:15 p.m.35 views

CVE-2023-20860

Spring Framework running version 6.0.0 - 6.0.6 or 5.3.0 - 5.3.25 using "" as a pattern in Spring Security configuration with the mvcRequestMatcher creates a mismatch in pattern matching between Spring Security and Spring MVC, and the potential for a security bypass...

7.5CVSS7.5AI score0.03514EPSS
Exploits1References2
Prion
Prion
added 2023/03/27 10:15 p.m.36 views

Security feature bypass

Spring Framework running version 6.0.0 - 6.0.6 or 5.3.0 - 5.3.25 using "" as a pattern in Spring Security configuration with the mvcRequestMatcher creates a mismatch in pattern matching between Spring Security and Spring MVC, and the potential for a security bypass...

5CVSS7.4AI score0.03514EPSS
Exploits1References2Affected Software1
CVE
CVE
added 2023/03/27 12:0 a.m.365 views

CVE-2023-20860

CVE-2023-20860 affects Spring Framework 6.0.0–6.0.6 and 5.3.0–5.3.25 where using ** as a pattern in Spring Security’s mvcRequestMatcher can cause a mismatch with Spring MVC pattern matching, creating a potential security bypass. Remediation: upgrade to fixed releases; IBM’s advisory notes a patch...

7.5CVSS7.4AI score0.03514EPSS
Exploits1References2Affected Software1
Debian CVE
Debian CVE
added 2023/03/27 12:0 a.m.49 views

CVE-2023-20860

Spring Framework running version 6.0.0 - 6.0.6 or 5.3.0 - 5.3.25 using "" as a pattern in Spring Security configuration with the mvcRequestMatcher creates a mismatch in pattern matching between Spring Security and Spring MVC, and the potential for a security bypass...

7.5CVSS6.5AI score0.03514EPSS
Exploits1
OpenVAS
OpenVAS
added 2023/03/21 12:0 a.m.39 views

VMware Spring Framework 5.3.x < 5.3.26, 6.0.x < 6.0.7 Security Bypass Vulnerability - Windows

The VMware Spring Framework is prone to a security bypass vulnerability. SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...

7.5CVSS6.6AI score0.03514EPSS
Exploits1References2
Positive Technologies
Positive Technologies
added 2023/03/20 12:0 a.m.8 views

PT-2023-2259

Name of the Vulnerable Software and Affected Versions Spring Framework versions 5.3.0 through 5.3.25 Spring Framework versions 6.0.0 through 6.0.6 Description The issue is related to a mismatch in pattern matching between Spring Security and Spring MVC when using "" as a pattern in Spring Securit...

9.1CVSS6.7AI score0.03514EPSS
Exploits1References17
Microsoft CVE
Microsoft CVE
added 2023/03/07 8:0 a.m.5 views

Redis string pattern matching can be abused to achieve Denial of Service

...

5.5CVSS4.6AI score0.59706EPSS
Exploits0
Cvelist
Cvelist
added 2023/03/01 3:46 p.m.35 views

CVE-2022-36021 Redis string pattern matching can be abused to achieve Denial of Service

Redis is an in-memory database that persists on disk. Authenticated users can use string matching commands like SCAN or KEYS with a specially crafted pattern to trigger a denial-of-service attack on Redis, causing it to hang and consume 100% CPU time. The problem is fixed in Redis versions 6.0.18...

5.5CVSS6.3AI score0.59706EPSS
Exploits0References2
SUSE CVE
SUSE CVE
added 2023/02/15 5:44 a.m.7 views

SUSE CVE-2012-4506

Directory traversal vulnerability in gitolite 3.x before 3.1, when wild card repositories and a pattern matching "../" are enabled, allows remote authenticated users to create arbitrary repositories and possibly perform other actions via a .. dot dot in a repository name...

4.6CVSS6.7AI score0.02069EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2023/02/15 5:25 a.m.2 views

SUSE CVE-2014-8964

Heap-based buffer overflow in PCRE 8.36 and earlier allows remote attackers to cause a denial of service crash or have other unspecified impact via a crafted regular expression, related to an assertion that allows zero repeats...

5CVSS8.8AI score0.06505EPSS
Exploits0References29
Github Security Blog
Github Security Blog
added 2023/01/14 12:30 p.m.25 views

Apache Shiro Interpretation Conflict vulnerability

When using Apache Shiro before 1.11.0 together with Spring Boot 2.6+, a specially crafted HTTP request may cause an authentication bypass. The authentication bypass occurs when Shiro and Spring Boot are using different pattern-matching techniques. Both Shiro and Spring Boot 2.6 default to Ant sty...

7.5CVSS7.7AI score0.01553EPSS
Exploits0References3Affected Software1
OSV
OSV
added 2023/01/14 12:30 p.m.25 views

GHSA-7CXR-H8WM-FG4C Apache Shiro Interpretation Conflict vulnerability

When using Apache Shiro before 1.11.0 together with Spring Boot 2.6+, a specially crafted HTTP request may cause an authentication bypass. The authentication bypass occurs when Shiro and Spring Boot are using different pattern-matching techniques. Both Shiro and Spring Boot 2.6 default to Ant sty...

7.5CVSS7.7AI score0.01553EPSS
Exploits0References3
OSV
OSV
added 2023/01/14 10:15 a.m.2 views

DEBIAN-CVE-2023-22602

When using Apache Shiro before 1.11.0 together with Spring Boot 2.6+, a specially crafted HTTP request may cause an authentication bypass. The authentication bypass occurs when Shiro and Spring Boot are using different pattern-matching techniques. Both Shiro and Spring Boot 2.6 default to Ant sty...

7.5CVSS7.2AI score0.01553EPSS
Exploits0References1
NVD
NVD
added 2023/01/14 10:15 a.m.23 views

CVE-2023-22602

When using Apache Shiro before 1.11.0 together with Spring Boot 2.6+, a specially crafted HTTP request may cause an authentication bypass. The authentication bypass occurs when Shiro and Spring Boot are using different pattern-matching techniques. Both Shiro and Spring Boot 2.6 default to Ant sty...

7.5CVSS7.7AI score0.01553EPSS
Exploits0References2
Rows per page
Query Builder