CVE-2021-22113 — MEDIUM (5.3)

Q: How severe is CVE-2021-22113?

CVE-2021-22113 has been rated MEDIUM with a CVSS base score of 5.3/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2021-22113?

Check the references section above for vendor advisories and patch information. Affected products include: Vmware Spring Cloud Netflix Zuul.

Vulnerability Description

Applications using the “Sensitive Headers” functionality in Spring Cloud Netflix Zuul 2.2.6.RELEASE and below may be vulnerable to bypassing the “Sensitive Headers” restriction when executing requests with specially constructed URLs. Applications that use Spring Security's StrictHttpFirewall (enabled by default for all URLs) are not affected by the vulnerability, as they reject requests that allow bypassing.

CVSS Score

5.3

MEDIUM

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

NONE

Integrity

LOW

Availability

NONE

Affected Products

Vendor	Product	Versions
Vmware	Spring Cloud Netflix Zuul	<= 2.2.6

Related Weaknesses (CWE)

CWE-863

References

https://tanzu.vmware.com/security/cve-2021-22113Vendor Advisory
https://tanzu.vmware.com/security/cve-2021-22113Vendor Advisory

FAQ

What is CVE-2021-22113?

CVE-2021-22113 is a vulnerability with a CVSS score of 5.3 (MEDIUM). Applications using the “Sensitive Headers” functionality in Spring Cloud Netflix Zuul 2.2.6.RELEASE and below may be vulnerable to bypassing the “Sensitive Headers” restriction when executing requests...

How severe is CVE-2021-22113?

CVE-2021-22113 has been rated MEDIUM with a CVSS base score of 5.3/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2021-22113?

Check the references section above for vendor advisories and patch information. Affected products include: Vmware Spring Cloud Netflix Zuul.