Spring.Security.RegexRequestMatcher.Authentication.Bypass
Description
This indicates an attack attempt against an Authentication Bypass vulnerability in Spring Security.
The vulnerability is due to an error when the vulnerable software handles a maliciously crafted request. Successful exploitation can potentially lead to information disclosure or privilege bypass.
Affected Products
Spring Security 5.5.x prior to 5.5.7
Spring Security 5.6.x prior to 5.6.4
Spring Security Earlier unsupported versions
Impact
Information Disclosure: Remote attackers can gain sensitive information from vulnerable systems.
Recommended Actions
Apply the most recent upgrade or patch from the vendor.
https://tanzu.vmware.com/security/cve-2022-22978
Telemetry
Coverage
IPS (Regular DB) | |
IPS (Extended DB) |
Version Updates
Date | Version | Detail |
---|---|---|
2022-06-06 | 21.333 | Default_action:pass:drop |
2022-06-03 | 21.330 | Sig Added |
2022-06-02 | 21.329 | Sig Added |
2022-05-31 | 20.326 |