The application does not check the actual request dispatcher type. If a higher privilege-level dispatcher type is received, the filter chain will be bypassed, resulting in authorization rule execution. For example, if an application receives a request using Spring XML Dispatcher and expects it to be handled by a lower-privilege-level dispatcher type, such as HTTP or file, the request will be forwarded or included to the higher-privilege-level dispatcher type and the intended action will be performed. To work around this issue, ensure that you: Validate your application code to ensure that it only handles dispatcher types that it expects to receive.
Configure the FilterChainProxy if you are forwarding or including requests to a dispatcher type that you do not expect to receive.
CVE-2023-31693
The application does not check for HTTP status code 404 when the action is DELETE. If a higher privilege-level dispatcher type is received, the filter chain will be bypassed, resulting in authorization rule execution. For example, if an application receives a request using Spring XML Dispatcher and expects it to be handled by a lower-privilege-level dispatcher type, such as HTTP or file, the request will be forwarded or included to the higher-privilege-level dispatcher type and the intended action will be performed. To work around this issue, ensure that you: Validate your application code to ensure that it only handles DELETE requests sent by your lower-privilege-level dispatcher types
Configure the FilterChainProxy if you are forwarding or including requests to a dispatcher type that you do not expect to receive.
Timeline
Published on: 10/31/2022 20:15:00 UTC
Last modified on: 12/15/2022 19:15:00 UTC