1. Home
  2. Vulnerabilities
  3. CVE-2021-22113

CVE-2021-22113

CVSS v3.1 5.3 (Medium)
53% Progress
CVSS v2.0 4.3 (Medium)
43% Progress
EPSS 0.08 % (36th)
0.08% Progress
Affected Products 1
Advisories 1
Info CVSS EPSS Affected Configurations References Security Advisories Packages & Software Graph Web & Social Timeline

Applications using the “Sensitive Headers” functionality in Spring Cloud Netflix Zuul 2.2.6.RELEASE and below may be vulnerable to bypassing the “Sensitive Headers” restriction when executing requests with specially constructed URLs. Applications that use Spring Security's StrictHttpFirewall (enabled by default for all URLs) are not affected by the vulnerability, as they reject requests that allow bypassing.

Weaknesses
CWE-863
Incorrect Authorization
CVE Status
PUBLISHED
CNA
VMware
Published Date
2021-02-23 17:15:13
(3 years ago)
Updated Date
2021-03-02 15:44:14
(3 years ago)

Affected Products

Vmware

Configuration #1

    CPE23 From Up To
  Vmware Spring Cloud Netflix Zuul 2.2.6 and prior versions cpe:2.3:a:vmware:spring_cloud_netflix_zuul <= 2.2.6