Related Articles

KB45117 - CVE-2022-22963: Spring4Shell RCE Vulnerability

KB45132 - Can WAF help protect against CVE-2022-22965 Spring Framework RCE vulnerability?

KB44944 - Can PulseSecure Web Application Firewall Module help protect against log4j/jndi vunerabilities?

KB43892 - What releases will Pulse Secure apply fixes to resolve security vulnerabilities?

KB45095 - Could not connect to MDM web service with error stating please verify Tenant ID/ClientID. Enable MDM API Trace event to help determine problem

KB40981 - How to capture web traffic using fiddler web debugging tool to help debug rewrite issues

SA45100 - CVE-2022-0778-OpenSSL-Vulnerability may lead to DoS attack

KB43928 - How to configure Common Vulnerability and Exposure (CVE) Check Rules for Windows OS using Host Checker

KB29483 - Tools checking for vulnerability to CVE-2014-0224 show false positives on 7.2, 7.3

KB45126 - CVE-2022-22965: Spring framework 0-day remote code execution vulnerability.

< Back to search results

Article

KB45131 - Can WAF help protect against CVE-2022-22963 Spring4Shell RCE Vulnerability?

« Go Back

Information

Last Modified Date	4/4/2022 1:39 PM

Synopsis

Problem or Goal

Cause

Solution

This article is about protecting non-Pulse servers with Pulse WAF. For vulnerability status of Pulse products, see separate KB45117.

PulseSecure Web Application Firewall Module can help protect back-end application from CVE-2022-22963. For that, add a "RequiredHeaderFieldHandler" to the respective application and path, and set following as "invalid_header_pattern":

spring.cloud.function.routing-expression:.*

Related Links

Attachment 1

Created By	Andy Chernyak