
Test ID: 1.3.6.1.4.1.25623.1.0.151329
Category: Denial of Service
Title: VMware Spring Boot 2.7.0 - 2.7.17, 3.0.0 - 3.0.12, 3.1.0 - 3.1.5 DoS Vulnerability
Summary: VMware Spring Boot is prone to a denial of service (DoS) vulnerability.
Description: Summary:
VMware Spring Boot is prone to a denial of service (DoS)
vulnerability.

Vulnerability Insight:
It is possible for a user to provide specially crafted HTTP
requests that may cause a denial of service (DoS) condition.

Spring Boot 3.x versions are also affected by CVE-2023-34053, which is a similar issue in Spring
Framework. Spring Boot 3.0.13 and 3.1.6 releases upgrade Spring Framework to the relevant
version.

Affected Software/OS:
VMware Spring Boot prior to version 2.7.17, 3.0.0 through
3.0.12 and 3.1.0 to 3.1.5.

Specifically, an application is vulnerable if all of the following conditions are true:

- The application uses Spring MVC or Spring WebFlux

- org.springframework.boot:spring-boot-actuator is on the classpath

Solution:
Update to version 2.7.18, 3.0.13, 3.1.6 or later.

As a temporary workaround, Spring Boot users can choose to disable web metrics with the following
property: management.metrics.enable.http.server.requests=false

CVSS Score:
7.8

CVSS Vector:
AV:N/AC:L/Au:N/C:N/I:N/A:C

Cross reference: Common Vulnerability Exposure (CVE) ID: CVE-2023-34053
https://spring.io/security/cve-2023-34053
Common Vulnerability Exposure (CVE) ID: CVE-2023-34055
https://spring.io/security/cve-2023-34055
Copyright: Copyright (C) 2023 Greenbone AG
