Test ID:1.3.6.1.4.1.25623.1.0.151329
Category:Denial of Service
Title:VMware Spring Boot 2.7.0 - 2.7.17, 3.0.0 - 3.0.12, 3.1.0 - 3.1.5 DoS Vulnerability
Summary:VMware Spring Boot is prone to a denial of service (DoS) vulnerability.
Description:
Summary:
VMware Spring Boot is prone to a denial of service (DoS)
vulnerability.

Vulnerability Insight:
It is possible for a user to provide specially crafted HTTP
requests that may cause a denial of service (DoS) condition.

Spring Boot 3.x versions are also affected by CVE-2023-34053, which is a similar issue in Spring
Framework. Spring Boot 3.0.13 and 3.1.6 releases upgrade Spring Framework to the relevant
version.

Affected Software/OS:
VMware Spring Boot prior to version 2.7.17, 3.0.0 through
3.0.12 and 3.1.0 to 3.1.5.

Specifically, an application is vulnerable if all of the following conditions are true:

- The application uses Spring MVC or Spring WebFlux

- org.springframework.boot:spring-boot-actuator is on the classpath

Solution:
Update to version 2.7.18, 3.0.13, 3.1.6 or later.

As a temporary workaround, Spring Boot users can choose to disable web metrics with the following
property: management.metrics.enable.http.server.requests=false

CVSS Score:
7.8

CVSS Vector:
AV:N/AC:L/Au:N/C:N/I:N/A:C

Cross-Ref:
Common Vulnerability Exposure (CVE) ID: CVE-2023-34053
https://spring.io/security/cve-2023-34053
Common Vulnerability Exposure (CVE) ID: CVE-2023-34055
https://spring.io/security/cve-2023-34055
Copyright: Copyright (C) 2023 Greenbone AG

© 1998-2025 E-Soft Inc. All rights reserved.