In spring security versions before 5.4.11+, 5.5.7+ , 5.6.4+ and older unsupported versions, RegexRequestMatcher can easily be misconfigured to be bypassed on some servlet containers. Applications using RegexRequestMatcher with `.` in the regular expression are possibly vulnerable to an authorization bypass.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
vmware spring security |
||
oracle financial services crime and compliance management studio 8.0.8.2.0 |
||
oracle financial services crime and compliance management studio 8.0.8.3.0 |
||
netapp active iq unified manager - |