CVE-2021-22113
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
Applications using the “Sensitive Headers” functionality in Spring Cloud Netflix Zuul 2.2.6.RELEASE and below may be vulnerable to bypassing the “Sensitive Headers” restriction when executing requests with specially constructed URLs. Applications that use Spring Security's StrictHttpFirewall (enabled by default for all URLs) are not affected by the vulnerability, as they reject requests that allow bypassing.
Unas aplicaciones que usan la funcionalidad de "Sensitive Headers" en Spring Cloud Netflix Zuul versiones 2.2.6.RELEASE y anteriores, pueden ser vulnerables al omitir la restricción "Sensitive Headers" cuando se ejecutan peticiones con URL especialmente construidas. Unas aplicaciones que usan StrictHttpFirewall de Spring Security (habilitado por defecto para todas las URL) no están afectadas por la vulnerabilidad, ya que rechazan unas peticiones que permiten la omisión
CVSS Scores
SSVC
- Decision:-
Timeline
- 2021-01-04 CVE Reserved
- 2021-02-23 CVE Published
- 2023-11-09 EPSS Updated
- 2024-08-03 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-863: Incorrect Authorization
CAPEC
References (1)
| URL | Tag | Source |
|---|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|---|---|
| https://tanzu.vmware.com/security/cve-2021-22113 | 2021-03-02 |
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Vmware Search vendor "Vmware" | Spring Cloud Netflix Zuul Search vendor "Vmware" for product "Spring Cloud Netflix Zuul" | <= 2.2.6 Search vendor "Vmware" for product "Spring Cloud Netflix Zuul" and version " <= 2.2.6" | - |
Affected
| ||||||