Reset Search
 

 

Article

KB45132 - Can WAF help protect against CVE-2022-22965 Spring Framework RCE vulnerability?

« Go Back

Information

 
Last Modified Date4/4/2022 1:45 PM
Synopsis
Problem or Goal
Cause
Solution
This article is about protecting non-Pulse servers with Pulse WAF. For vulnerability status of Pulse products, see separate KB45126.

PulseSecure Web Application Firewall Module can help protect back-end application from CVE-2022-22965.
For that, add "InvalidArgsHandler" to the respective application and path and add following "invalid_key_value_pattern":
 
.*class\.module\.classLoader.*
Related Links
Attachment 1 
Created ByAndy Chernyak

Feedback

 

Was this article helpful?


   

Feedback

Please tell us how we can make this article more useful.

Characters Remaining: 255