Spring.Cloud.Gateway.Actuator.Endpoint.Remote.Code.Execution
Description
This indicates an attack attempt against a Remote Code Execution vulnerability in Spring Cloud Gateway that is present when the Gateway Actuator endpoint is enabled.
The vulnerability is caused by improper handling of a crafted HTTP request. A remote authenticated attacker may be able to exploit this to execute arbitrary code within the context of the application.
Outbreak Alert
Known for exploiting vulnerabilities in web apps and databases to install coin miners on both Windows and Linux systems.
Affected Products
Spring Cloud Gateway 3.1.0
Spring Cloud Gateway 3.0.0 to 3.0.6
Impact
System Compromise: Remote attackers can gain control of vulnerable systems.
Recommended Actions
Apply the most recent upgrade or patch from the vendor.
https://tanzu.vmware.com/security/cve-2022-22947
Version Updates
Date | Version | Detail |
---|---|---|
2022-03-31 | 0.00316 | |