spring-security-web and spring-web are vulnerable to a security bypass involving static resources. Spring uses the output of getPathInfo() when mapping security constraints to requests, but it is not standardized whether path parameters should be included in the value returned by getPathInfo(). Because of this inconsistency, attackers can bypass security constraints by using encoded characters.
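The mismatch the advisory describes, as an added Python simulation that is not part of this Veracode entry or of Spring's own code: two layers normalize the same raw path differently, a detection check flags requests that depend on that difference, and the hardened variant matches constraints on one canonical form. The rule set and sample paths are constructed.

```python
"""Simulation of a path-normalization mismatch between a security layer and
a dispatcher (constructed example; not Spring's actual implementation)."""
from urllib.parse import unquote

# Constructed rule set: exact-path constraints on protected resources.
PROTECTED_PATHS = {"/admin/secret"}

def security_view(raw_path: str) -> str:
    """Security layer matching the path exactly as received: path parameters
    (';key=value' inside a segment) and percent-encoding are left in place."""
    return raw_path

def servlet_view(raw_path: str) -> str:
    """Dispatcher resolving the resource: strips per-segment path parameters,
    then percent-decodes. This is the view that decides what gets served."""
    return "/".join(unquote(seg.split(";", 1)[0]) for seg in raw_path.split("/"))

def is_protected(path: str) -> bool:
    return path in PROTECTED_PATHS

def mismatched_pipeline(raw_path: str):
    """Vulnerable pipeline: constraint checked on one view, resource served
    from another. Returns (constraint_applied, resource_served)."""
    return is_protected(security_view(raw_path)), servlet_view(raw_path)

def views_disagree(raw_path: str) -> bool:
    """Detection aid for access logs: true when the two layers would see
    different paths, i.e. the request relies on path parameters or encoding."""
    return security_view(raw_path) != servlet_view(raw_path)

def hardened_decision(raw_path: str) -> str:
    """Hardened check: refuse ambiguous requests outright, otherwise match
    constraints on the same normalized path the dispatcher uses."""
    lowered = raw_path.lower()
    if ";" in raw_path or "%2f" in lowered or "%25" in lowered:
        return "reject"
    return "protected" if is_protected(servlet_view(raw_path)) else "public"

if __name__ == "__main__":
    for p in ["/admin/secret", "/admin;x=1/secret", "/admin/sec%72et"]:
        print(p, mismatched_pipeline(p), views_disagree(p), hardened_decision(p))
```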
Veracode Software Composition Analysis