spring-framework – WindowsTechs.com

how is CVE-2021-22044 risky

Posted on November 5, 2024 by Anonymous

I am looking at this CVE: https://nvd.nist.gov/vuln/detail/CVE-2021-22044
The description says:

In Spring Cloud OpenFeign 3.0.0 to 3.0.4, 2.2.0.RELEASE to
2.2.9.RELEASE, and older unsupported versions, applications using type-level @Reque… Continue reading how is CVE-2021-22044 risky→

Master Java & Spring for Just $39.99 with This Bundle

Posted on September 25, 2024 by TechRepublic Academy

Using this bundle’s six courses totaling 44 hours, you can equip yourself with the skills used by major companies in industries like finance and tech. Continue reading Master Java & Spring for Just $39.99 with This Bundle→

Trying to reproduce Log4J vulnerability

Posted on May 12, 2024 by yeppa

I’m trying to reproduce log4j vulnerability on my spring-boot java project. I know that version from 2.0 to 2.14.1 are vulnerable, i’m using the 2.14.1 version but but i’m not able to exploit it, this is the code on which I’ m using the l… Continue reading Trying to reproduce Log4J vulnerability→

j_spring_security_check – Stack trace Error [closed]

Posted on March 15, 2024 by infosec_learner

When logging in to the application, on providing incorrect creds the application shows j_spring_security_check – Stack Trace Error.
Is it a security vulnerability or not? as it helps an attacker to get an idea of the backend stack and narr… Continue reading j_spring_security_check – Stack trace Error [closed]→

Am I exploitable to CVE-2023-20862?

Posted on May 11, 2023 by ethicalhacker

I am trying to analyze whether I am exploitable to the new CVE in spring security.
As per Spring they mention the following:
Specifically, an application is vulnerable when any of the following is true:

You are using the SecurityContextHo… Continue reading Am I exploitable to CVE-2023-20862?→

Jsoup XSS attack with URL encoded input

Posted on January 15, 2023 by Yuval Simhon

I’m having a Spring Web Application that exposes REST APIs.
I have implemented XSS filter using Jsoup that strips the input using Safelist.NONE.
The penetration testing team raised a concern where the input field content is URL encoded, th… Continue reading Jsoup XSS attack with URL encoded input→

Migrate OAuth 2.0 to OAuth 2.1

Posted on November 2, 2022 by Peter Penzov

I have a old Spring Cloud gateway working with Keyclock server. I don’t have Web UI for login because the project is a Rest API. OAuth 2.0 is used with Grant type password.
I want to migrate to OAuth 2.1 but Grant type password is deprecat… Continue reading Migrate OAuth 2.0 to OAuth 2.1→

Modelling authorization on the basis of authentication method

Posted on May 27, 2022 by SJuan76

At work we are starting to consider a replacement for an old system. The new system will use the Spring framework.
The security model is pretty simple: it is open to the general public. Each one of our customers can identify himself by one… Continue reading Modelling authorization on the basis of authentication method→

spring4shell correction in tomcat

Posted on April 7, 2022 by veronicam

We use Tomcat, and version Tomcat 9.0.62 is supposed to fix the spring4shell vuln. To what extent is it the case? Are we safe not to upgrade to the latest Spring version?

Continue reading spring4shell correction in tomcat→

Two different “VMware Spring” bugs at large – we cut through the confusion

Posted on March 31, 2022 by Paul Ducklin

Whoever came up with the name “Spring4Shell” didn’t help at all… we cut through the Spring Bug confusion Continue reading Two different “VMware Spring” bugs at large – we cut through the confusion→