Lucene search

[email protected]CVE-2023-34054

HistoryNov 28, 2023 - 9:15 a.m.

CVE-2023-34054

2023-11-2809:15:07

NVD-CWE-noinfo

[email protected]

web.nvd.nist.gov

643

cve

2023

34054

denial of service

dos

reactor

netty

http server

vulnerability

micrometer

integration

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

7.2 High

AI Score

Confidence

Low

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

0.0004 Low

EPSS

Percentile

11.8%

JSON

In Reactor Netty HTTP Server, versions 1.1.x prior to 1.1.13 and versions 1.0.x prior to 1.0.39, it is possible for a user to provide specially crafted HTTP requests that may cause a denial-of-service (DoS) condition.

Specifically, an application is vulnerable if Reactor Netty HTTP Server built-in integration with Micrometer is enabled.

CPENameOperatorVersion
pivotal:reactor_nettypivotal reactor nettylt1.0.39
pivotal:reactor_nettypivotal reactor nettyeq0.9.5
pivotal:reactor_nettypivotal reactor nettyeq0.9.10
pivotal:reactor_nettypivotal reactor nettyeq0.7.13
pivotal:reactor_nettypivotal reactor nettyeq0.8.14
pivotal:reactor_nettypivotal reactor nettyeq0.7.0
pivotal:reactor_nettypivotal reactor nettyeq0.8.0
pivotal:reactor_nettypivotal reactor nettyeq1.0.5
pivotal:reactor_nettypivotal reactor nettyeq0.7.2
pivotal:reactor_nettypivotal reactor nettyeq0.8.13

CPE	Name	Operator	Version
pivotal:reactor_netty	pivotal reactor netty	lt	1.0.39
pivotal:reactor_netty	pivotal reactor netty	eq	0.9.5
pivotal:reactor_netty	pivotal reactor netty	eq	0.9.10
pivotal:reactor_netty	pivotal reactor netty	eq	0.7.13
pivotal:reactor_netty	pivotal reactor netty	eq	0.8.14
pivotal:reactor_netty	pivotal reactor netty	eq	0.7.0
pivotal:reactor_netty	pivotal reactor netty	eq	0.8.0
pivotal:reactor_netty	pivotal reactor netty	eq	1.0.5
pivotal:reactor_netty	pivotal reactor netty	eq	0.7.2
pivotal:reactor_netty	pivotal reactor netty	eq	0.8.13

Rows per page:

1-10 of 1211

References

spring.io/security/cve-2023-34054

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

7.2 High

AI Score

Confidence

Low

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

0.0004 Low

EPSS

Percentile

11.8%

JSON

Related for CVE-2023-34054

github1 osv1 prion1 veracode1 cgr1 ibm5