Reset Search
 

 

Article

KB45131 - Can WAF help protect against CVE-2022-22963 Spring4Shell RCE Vulnerability?

« Go Back

Information

 
Last Modified Date4/4/2022 1:39 PM
Synopsis
Problem or Goal
Cause
Solution
This article is about protecting non-Pulse servers with Pulse WAF. For vulnerability status of Pulse products, see separate KB45117.

PulseSecure Web Application Firewall Module can help protect back-end application from CVE-2022-22963. For that, add a "RequiredHeaderFieldHandler" to the respective application and path, and set following as "invalid_header_pattern":
 
spring.cloud.function.routing-expression:.*
Related Links
Attachment 1 
Created ByAndy Chernyak

Feedback

 

Was this article helpful?


   

Feedback

Please tell us how we can make this article more useful.

Characters Remaining: 255