Test ID:	1.3.6.1.4.1.25623.1.0.113996
Category:	Denial of Service
Title:	VMware Spring Framework < 5.2.22, 5.3.x < 5.3.20 Multiple DoS Vulnerabilities - Linux
Summary:	The VMware Spring Framework is prone to multiple denial of; service (DoS) vulnerabilities.
Description:	Summary: The VMware Spring Framework is prone to multiple denial of service (DoS) vulnerabilities. Vulnerability Insight: The following flaws exist: - CVE-2022-22970: Spring Framework DoS via Data Binding to MultipartFile or Servlet Part Denial of Service (DoS) attack in Spring MVC or Spring WebFlux applications that handle file uploads and rely on data binding to set a MultipartFile or javax.servlet.Part to a field in a model object. - CVE-2022-22971: Spring Framework DoS with STOMP over WebSocket Denial of service (DoS) attack by authenticated users in Spring applications with a STOMP over WebSocket endpoint. Affected Software/OS: VMware Spring Framework versions prior to 5.2.22 and 5.3.x prior to 5.3.20. Solution: Update to version 5.2.22, 5.3.20 or later. CVSS Score: 4.0 CVSS Vector: AV:N/AC:L/Au:S/C:N/I:N/A:P
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2022-22970 https://security.netapp.com/advisory/ntap-20220616-0006/ https://tanzu.vmware.com/security/cve-2022-22970 https://www.oracle.com/security-alerts/cpujul2022.html Common Vulnerability Exposure (CVE) ID: CVE-2022-22971 https://security.netapp.com/advisory/ntap-20220616-0003/ https://tanzu.vmware.com/security/cve-2022-22971
Copyright	Copyright (C) 2022 Greenbone Networks GmbH

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.