Spring Framework < 5.3.41 / 6.0.x < 6.0.25 / 6.1.x < 6.1.14 Multiple Vulnerabilities

🗓️ 25 Oct 2024 00:00:00Reported by TenableType

Spring Framework 5.3.41 / 6.0.x 6.0.25 / 6.1.x 6.1.14 Path Traversal Vulnerabilitie

Reporter	Title	Published	Views	Family All 295
IBM Security Bulletins	Security Bulletin: Multiple vulnerabilities in Spring may affect IBM Business Automation Workflow - CVE-2024-38820, CVE-2025-22233	8 Oct 202515:13	–	ibm
IBM Security Bulletins	Security Bulletin: Multiple vulnerabilities in IBM DevOps Solution Workbench	30 Oct 202520:15	–	ibm
IBM Security Bulletins	Security Bulletin: IBM Watson Speech Services Cartridge is vulnerable to a sensitive information exposure in VMware Tanzu Spring [CVE-2024-38816]	28 Jan 202522:08	–	ibm
IBM Security Bulletins	Security Bulletin: IBM Guardium Data Security Center is affected by multiple vulnerabilities	7 Mar 202515:14	–	ibm
IBM Security Bulletins	Security Bulletin: IBM Content Navigator consumes vulnerable spring framework library	23 Oct 202511:13	–	ibm
IBM Security Bulletins	Security Bulletin: IBM Maximo Application Suite - IoT uses spring-context-5.3.39.jar which is vulnerable to CVE-2024-38820.	7 Apr 202519:13	–	ibm
IBM Security Bulletins	Security Bulletin: Vulnerabilities in hoek, Bouncy Castle Inc, Spring Framework, golang, Apache Commons, semver and Google Guava might affect IBM Storage Defender Copy Data Management	10 Apr 202614:43	–	ibm
IBM Security Bulletins	Security Bulletin: Multiple Vulnerabilities in IBM Edge Application Manager	20 Aug 202502:37	–	ibm
IBM Security Bulletins	Security Bulletin: Multiple Security vulnerabilities affecting IBM Knowledge Catalog Premium Cartridge	11 Mar 202619:05	–	ibm
IBM Security Bulletins	Security Bulletin: IBM QRadar SIEM is vulnerable to Using Components with Known Vulnerabilities	26 Oct 202218:06	–	ibm

Source	Link
spring	www.spring.io/security/cve-2024-38819
spring	www.spring.io/security/cve-2024-38820
cve	www.cve.mitre.org/cgi-bin/cvename.cgi
cve	www.cve.mitre.org/cgi-bin/cvename.cgi

#%NASL_MIN_LEVEL 80900
##
# (C) Tenable, Inc.
##

include('compat.inc');

if (description)
{
  script_id(209652);
  script_version("1.4");
  script_set_attribute(attribute:"plugin_modification_date", value:"2025/03/28");

  script_cve_id("CVE-2024-38819", "CVE-2024-38820");
  script_xref(name:"IAVA", value:"2024-A-0679-S");

  script_name(english:"Spring Framework < 5.3.41 / 6.0.x < 6.0.25 / 6.1.x < 6.1.14 Multiple Vulnerabilities");

  script_set_attribute(attribute:"synopsis", value:
"The remote host contains a web application framework that is affected by a path traversal vulnerability.");
  script_set_attribute(attribute:"description", value:
"The remote host contains a Spring Framework version is affected by a path traversal vulnerability. 

  - Applications serving static resources through the functional web frameworks WebMvc.fn or WebFlux.fn are 
    vulnerable to path traversal attacks. An attacker can craft malicious HTTP requests and obtain any file on the 
    file system that is also accessible to the process in which the Spring application is running. This is similar 
    to CVE-2024-38816, but with different input. (CVE-2024-38819)

  - The fix for CVE-2022-22968 made disallowedFields patterns in DataBinder case insensitive. However, 
    String.toLowerCase() has some Locale dependent exceptions that could potentially result in fields not protected 
    as expected. (CVE-2024-38820)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version
number.");
  script_set_attribute(attribute:"see_also", value:"https://spring.io/security/cve-2024-38819");
  script_set_attribute(attribute:"see_also", value:"https://spring.io/security/cve-2024-38820");
  script_set_attribute(attribute:"solution", value:
"Upgrade to Spring Framework version 5.3.41, 6.0.25, 6.1.14 or later.");
  script_set_attribute(attribute:"agent", value:"all");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:N/A:N");
  script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:P/RL:O/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2024-38819");
  script_set_attribute(attribute:"cvss3_score_source", value:"CVE-2024-38820");

  script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"true");

  script_set_attribute(attribute:"vuln_publication_date", value:"2024/10/17");
  script_set_attribute(attribute:"patch_publication_date", value:"2024/10/17");
  script_set_attribute(attribute:"plugin_publication_date", value:"2024/10/25");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"cpe:/a:pivotal_software:spring_framework");
  script_set_attribute(attribute:"stig_severity", value:"I");
  script_set_attribute(attribute:"thorough_tests", value:"true");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Misc.");

  script_copyright(english:"This script is Copyright (C) 2024-2025 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("spring_jar_detection.nbin");

  exit(0);
}

include('vcf.inc');

var app_info =  vcf::get_app_info(app:'Spring Framework');

var constraints = [
  { 'fixed_version':'5.3.41' },
  { 'min_version':'6.0', 'fixed_version': '6.0.25' },
  { 'min_version':'6.1', 'fixed_version':'6.1.14' }
];

vcf::check_version_and_report(app_info:app_info, constraints:constraints, severity:SECURITY_HOLE);

28 Mar 2025 00:00Current

6.5Medium risk

Vulners AI Score6.5

CVSS 25

CVSS 3.15.3 - 7.5

EPSS0.9389

SSVC