
Test ID: 1.3.6.1.4.1.25623.1.0.151329
Category: Denial of Service
Title: VMware Spring Boot 2.7.0 - 2.7.17, 3.0.0 - 3.0.12, 3.1.0 - 3.1.5 DoS Vulnerability
Summary: VMware Spring Boot is prone to a denial of service (DoS) vulnerability.
Description: Summary:
VMware Spring Boot is prone to a denial of service (DoS)
vulnerability.

Vulnerability Insight:
It is possible for a user to provide specially crafted HTTP
requests that may cause a denial of service (DoS) condition.

Spring Boot 3.x versions are also affected by CVE-2023-34053, which is a similar issue in Spring
Framework. Spring Boot 3.0.13 and 3.1.6 releases upgrade Spring Framework to the relevant
version.

Affected Software/OS:
VMware Spring Boot prior to version 2.7.17, 3.0.0 through
3.0.12 and 3.1.0 to 3.1.5.

Specifically, an application is vulnerable if all of the conditions are true:

- The application uses Spring MVC or Spring WebFlux

- org.springframework.boot:spring-boot-actuator is on the classpath

Solution:
Update to version 2.7.18, 3.0.13, 3.1.6 or later.

As a temporary workaround, Spring Boot users can choose to disable web metrics with the following
property: management.metrics.enable.http.server.requests=false

CVSS Score:
7.8

CVSS Vector:
AV:N/AC:L/Au:N/C:N/I:N/A:C

Cross Reference: Common Vulnerability Exposure (CVE) ID: CVE-2023-34053
https://spring.io/security/cve-2023-34053
Common Vulnerability Exposure (CVE) ID: CVE-2023-34055
https://spring.io/security/cve-2023-34055
Copyright: Copyright (C) 2023 Greenbone AG
