CVSS: 5.3EPSS: 0%CPEs: 8EXPL: 0CVE-2022-22976 – springframework: BCrypt skips salt rounds for work factor of 31
https://notcve.org/view.php?id=CVE-2022-22976
Spring Security versions 5.5.x prior to 5.5.7, 5.6.x prior to 5.6.4, and earlier unsupported versions contain an integer overflow vulnerability. When using the BCrypt class with the maximum work factor (31), the encoder does not perform any salt rounds, due to an integer overflow error. The default settings are not affected by this CVE. Spring Security versiones 5.5.x anteriores a 5.5.7, 5.6.x anteriores a 5.6.4 y versiones anteriores no soportadas, contienen una vulnerabilidad de desbordamiento de enteros. Cuando es usada la clase BCrypt con el máximo factor de trabajo (31), el codificador no lleva a cabo ninguna ronda salt, debido a un error de desbordamiento de enteros. • https://security.netapp.com/advisory/ntap-20220707-0003 https://tanzu.vmware.com/security/cve-2022-22976 https://www.oracle.com/security-alerts/cpujul2022.html https://access.redhat.com/security/cve/CVE-2022-22976 https://bugzilla.redhat.com/show_bug.cgi?id=2087214 • CWE-190: Integer Overflow or Wraparound •
CVSS: 9.8EPSS: 0%CPEs: 7EXPL: 6CVE-2022-22978 – springframework: Authorization Bypass in RegexRequestMatcher
https://notcve.org/view.php?id=CVE-2022-22978
In spring security versions prior to 5.4.11+, 5.5.7+ , 5.6.4+ and older unsupported versions, RegexRequestMatcher can easily be misconfigured to be bypassed on some servlet containers. Applications using RegexRequestMatcher with `.` in the regular expression are possibly vulnerable to an authorization bypass. En las versiones 5.5.6 y 5.6.3 de Spring Security y en versiones anteriores no soportadas, RegexRequestMatcher puede ser fácilmente configurado de forma incorrecta para ser evitado en algunos contenedores de servlets. Las aplicaciones que utilizan RegexRequestMatcher con `.` en la expresión regular son posiblemente vulnerables a un bypass de autorización A flaw was found in Spring Security. When using RegexRequestMatcher, an easy misconfiguration can bypass some servlet containers. • https://github.com/DeEpinGh0st/CVE-2022-22978 https://github.com/ducluongtran9121/CVE-2022-22978-PoC https://github.com/aeifkz/CVE-2022-22978 https://github.com/umakant76705/CVE-2022-22978 https://github.com/Raghvendra1207/CVE-2022-22978 https://github.com/wan9xx/CVE-2022-22978-demo https://spring.io/security/cve-2022-22978 https://access.redhat.com/security/cve/CVE-2022-22978 https://bugzilla.redhat.com/show_bug.cgi?id=2087606 • CWE-863: Incorrect Authorization CWE-1220: Insufficient Granularity of Access Control •
CVSS: 6.5EPSS: 0%CPEs: 6EXPL: 1CVE-2022-22971 – springframework: DoS with STOMP over WebSocket
https://notcve.org/view.php?id=CVE-2022-22971
In spring framework versions prior to 5.3.20+ , 5.2.22+ and old unsupported versions, application with a STOMP over WebSocket endpoint is vulnerable to a denial of service attack by an authenticated user. En spring framework versiones anteriores a 5.3.20+ , 5.2.22+ y las versiones antiguas no soportadas, la aplicación con un endpoint STOMP sobre WebSocket es vulnerable a un ataque de denegación de servicio por parte de un usuario autenticado A flaw was found in Spring Framework Applications. Applications that use STOMP over the WebSocket endpoint are vulnerable to a denial of service attack caused by an authenticated user. • https://github.com/tchize/CVE-2022-22971 https://security.netapp.com/advisory/ntap-20220616-0003 https://tanzu.vmware.com/security/cve-2022-22971 https://www.oracle.com/security-alerts/cpujul2022.html https://access.redhat.com/security/cve/CVE-2022-22971 https://bugzilla.redhat.com/show_bug.cgi?id=2087274 • CWE-770: Allocation of Resources Without Limits or Throttling •
CVSS: 5.3EPSS: 0%CPEs: 10EXPL: 0CVE-2022-22970 – springframework: DoS via data binding to multipartFile or servlet part
https://notcve.org/view.php?id=CVE-2022-22970
In spring framework versions prior to 5.3.20+ , 5.2.22+ and old unsupported versions, applications that handle file uploads are vulnerable to DoS attack if they rely on data binding to set a MultipartFile or javax.servlet.Part to a field in a model object. En spring Framework versiones anteriores a 5.3.20+ , 5.2.22+ y las versiones antiguas no soportadas, las aplicaciones que manejan cargas de archivos son vulnerables a un ataque de denegación de servicio si dependen de la vinculación de datos para establecer un MultipartFile o javax.servlet.Part a un campo en un objeto modelo A flaw was found in Spring Framework. Applications that handle file uploads are vulnerable to a denial of service (DoS) attack if they rely on data binding to set a MultipartFile or javax.servlet.Part to a field in a model object. • https://security.netapp.com/advisory/ntap-20220616-0006 https://tanzu.vmware.com/security/cve-2022-22970 https://www.oracle.com/security-alerts/cpujul2022.html https://access.redhat.com/security/cve/CVE-2022-22970 https://bugzilla.redhat.com/show_bug.cgi?id=2087272 • CWE-770: Allocation of Resources Without Limits or Throttling •
CVSS: 8.7EPSS: 13%CPEs: 77EXPL: 1CVE-2020-5421 – RFD Protection Bypass via jsessionid
https://notcve.org/view.php?id=CVE-2020-5421
In Spring Framework versions 5.2.0 - 5.2.8, 5.1.0 - 5.1.17, 5.0.0 - 5.0.18, 4.3.0 - 4.3.28, and older unsupported versions, the protections against RFD attacks from CVE-2015-5211 may be bypassed depending on the browser used through the use of a jsessionid path parameter. En Spring Framework versiones 5.2.0 - 5.2.8, 5.1.0 - 5.1.17, 5.0.0 - 5.0.18, 4.3.0 - 4.3.28 y versiones anteriores no compatibles, las protecciones contra ataques RFD del CVE-2015 -5211 puede ser omitidas según el navegador usado mediante el uso de un parámetro de ruta jsessionid In Spring Framework, the protections against RFD attacks from CVE-2015-5211 may be bypassed depending on the browser used through the use of a jsessionid path parameter. • https://github.com/pandaMingx/CVE-2020-5421 https://lists.apache.org/thread.html/r1c679c43fa4f7846d748a937955c7921436d1b315445978254442163%40%3Ccommits.ambari.apache.org%3E https://lists.apache.org/thread.html/r1eccdbd7986618a7319ee7a533bd9d9bf6e8678e59dd4cca9b5b2d7a%40%3Cissues.ambari.apache.org%3E https://lists.apache.org/thread.html/r3589ed0d18edeb79028615080d5a0e8878856436bb91774a3196d9eb%40%3Ccommits.pulsar.apache.org%3E https://lists.apache.org/thread.html/r503e64b43a57fd68229cac4a869d1a9a2eac9e75f8719cad3a840211%40%3Ccommits.pulsar.apache.org%3E https://lists.apache.or •