Linux Distros Unpatched Vulnerability : CVE-2024-38807

🗓️ 26 Aug 2025 00:00:00Reported by TenableType

Spring Boot loader apps with custom nested-jar signature verification may allow forgery (CVE-2024-38807).

Reporter	Title	Published	Views	Family All 29
Circl	CVE-2024-38807	23 Aug 202412:06	–	circl
CNNVD	VMware Spring Boot 安全漏洞	23 Aug 202400:00	–	cnnvd
CVE	CVE-2024-38807	23 Aug 202408:26	–	cve
Cvelist	CVE-2024-38807 CVE-2024-38807: Signature Forgery Vulnerability in Spring Boot's Loader	23 Aug 202408:26	–	cvelist
Debian CVE	CVE-2024-38807	23 Aug 202408:26	–	debiancve
EUVD	EUVD-2024-2526	3 Oct 202520:07	–	euvd
Github Security Blog	Signature forgery in Spring Boot's Loader	23 Aug 202409:30	–	github
NCSC	Vulnerabilities fixed in Oracle Communications	22 Jan 202513:30	–	ncsc
NVD	CVE-2024-38807	23 Aug 202409:15	–	nvd
OpenVAS	VMware Spring Boot 2.7.x < 2.7.22, 3.0.x < 3.0.17, 3.1.x < 3.1.13, 3.2.x < 3.2.9, 3.3.x < 3.3.3 Signature Forgery Vulnerability - Linux	24 Sep 202400:00	–	openvas

Source	Link
security-tracker	www.security-tracker.debian.org/tracker/CVE-2024-38807
ubuntu	www.ubuntu.com/security/CVE-2024-38807
cve	www.cve.mitre.org/cgi-bin/cvename.cgi

#%NASL_MIN_LEVEL 80900
##
# (C) Tenable, Inc.
##

include('compat.inc');

if (description)
{
  script_id(255597);
  script_version("1.7");
  script_set_attribute(attribute:"plugin_modification_date", value:"2026/05/21");

  script_cve_id("CVE-2024-38807");

  script_name(english:"Linux Distros Unpatched Vulnerability : CVE-2024-38807");

  script_set_attribute(attribute:"synopsis", value:
"The Linux/Unix host has one or more packages installed with a vulnerability that the vendor indicates will not be
patched.");
  script_set_attribute(attribute:"description", value:
"The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied
patch available.

  - Applications that use spring-boot-loader or spring-boot-loader-classic and contain custom code that
    performs signature verification of nested jar files may be vulnerable to signature forgery where content
    that appears to have been signed by one signer has, in fact, been signed by another. (CVE-2024-38807)

Note that Nessus relies on the presence of the package as reported by the vendor.");
  script_set_attribute(attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2024-38807");
  script_set_attribute(attribute:"see_also", value:"https://ubuntu.com/security/CVE-2024-38807");
  script_set_attribute(attribute:"solution", value:
"There is no known solution at this time.");
  script_set_attribute(attribute:"agent", value:"unix");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:U/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:U/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2024-38807");

  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"false");
  script_set_attribute(attribute:"vendor_unpatched", value:"true");

  script_set_attribute(attribute:"vuln_publication_date", value:"2024/08/23");
  script_set_attribute(attribute:"plugin_publication_date", value:"2025/08/26");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:14.04:-:lts");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:16.04:-:lts");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:18.04:-:lts");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:20.04:-:lts");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:22.04:-:lts");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:24.04:-:lts");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:25.04");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:25.10");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:debian:debian_linux:11.0");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:debian:debian_linux:12.0");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:debian:debian_linux:13.0");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:debian:debian_linux:14.0");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:libspring-java");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libspring-java");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Misc.");

  script_copyright(english:"This script is Copyright (C) 2025-2026 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("ssh_get_info2.nasl", "set_linux_os_id.nasl");
  script_require_keys("Host/cpu", "Host/local_checks_enabled", "global_settings/vendor_unpatched", "Host/OS/identifier");
  script_require_ports("Host/OS/Debian Linux-11", "Host/OS/Debian Linux-12", "Host/OS/Debian Linux-13", "Host/OS/Debian Linux-14", "Host/OS/Ubuntu Linux-14.04", "Host/OS/Ubuntu Linux-16.04", "Host/OS/Ubuntu Linux-18.04", "Host/OS/Ubuntu Linux-20.04", "Host/OS/Ubuntu Linux-22.04", "Host/OS/Ubuntu Linux-24.04", "Host/OS/Ubuntu Linux-25.04", "Host/OS/Ubuntu Linux-25.10");

  exit(0);
}

if (!get_kb_item("global_settings/vendor_unpatched")) exit(0, "Unpatched Vulnerabilities Detection not active.");
if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
if (empty_or_null(get_one_kb_item("Host/Debian/dpkg-l"))) audit(AUDIT_PACKAGE_LIST_MISSING);

include('linux_unpatched.inc');

var distro_constraints_array = {
  "Debian Linux-11": {
    "package_manager": "dpkg-l",
    "constraints": [
      {
        "release": "11",
        "pkgs": [
          {"reference": "libspring-aop-java"},
          {"reference": "libspring-beans-java"},
          {"reference": "libspring-context-java"},
          {"reference": "libspring-context-support-java"},
          {"reference": "libspring-core-java"},
          {"reference": "libspring-expression-java"},
          {"reference": "libspring-instrument-java"},
          {"reference": "libspring-jdbc-java"},
          {"reference": "libspring-jms-java"},
          {"reference": "libspring-messaging-java"},
          {"reference": "libspring-orm-java"},
          {"reference": "libspring-oxm-java"},
          {"reference": "libspring-test-java"},
          {"reference": "libspring-transaction-java"},
          {"reference": "libspring-web-java"},
          {"reference": "libspring-web-portlet-java"},
          {"reference": "libspring-web-servlet-java"}
        ]
      }
    ]
  },
  "Debian Linux-12": {
    "package_manager": "dpkg-l",
    "constraints": [
      {
        "release": "12",
        "pkgs": [
          {"reference": "libspring-aop-java"},
          {"reference": "libspring-beans-java"},
          {"reference": "libspring-context-java"},
          {"reference": "libspring-context-support-java"},
          {"reference": "libspring-core-java"},
          {"reference": "libspring-expression-java"},
          {"reference": "libspring-instrument-java"},
          {"reference": "libspring-jdbc-java"},
          {"reference": "libspring-jms-java"},
          {"reference": "libspring-messaging-java"},
          {"reference": "libspring-orm-java"},
          {"reference": "libspring-oxm-java"},
          {"reference": "libspring-test-java"},
          {"reference": "libspring-transaction-java"},
          {"reference": "libspring-web-java"},
          {"reference": "libspring-web-portlet-java"},
          {"reference": "libspring-web-servlet-java"}
        ]
      }
    ]
  },
  "Debian Linux-13": {
    "package_manager": "dpkg-l",
    "constraints": [
      {
        "release": "13",
        "pkgs": [
          {"reference": "libspring-aop-java"},
          {"reference": "libspring-beans-java"},
          {"reference": "libspring-context-java"},
          {"reference": "libspring-context-support-java"},
          {"reference": "libspring-core-java"},
          {"reference": "libspring-expression-java"},
          {"reference": "libspring-instrument-java"},
          {"reference": "libspring-jdbc-java"},
          {"reference": "libspring-jms-java"},
          {"reference": "libspring-messaging-java"},
          {"reference": "libspring-orm-java"},
          {"reference": "libspring-oxm-java"},
          {"reference": "libspring-test-java"},
          {"reference": "libspring-transaction-java"},
          {"reference": "libspring-web-java"},
          {"reference": "libspring-web-portlet-java"},
          {"reference": "libspring-web-servlet-java"}
        ]
      }
    ]
  },
  "Debian Linux-14": {
    "package_manager": "dpkg-l",
    "constraints": [
      {
        "release": "14",
        "pkgs": [
          {"reference": "libspring-aop-java"},
          {"reference": "libspring-beans-java"},
          {"reference": "libspring-context-java"},
          {"reference": "libspring-context-support-java"},
          {"reference": "libspring-core-java"},
          {"reference": "libspring-expression-java"},
          {"reference": "libspring-instrument-java"},
          {"reference": "libspring-jdbc-java"},
          {"reference": "libspring-jms-java"},
          {"reference": "libspring-messaging-java"},
          {"reference": "libspring-orm-java"},
          {"reference": "libspring-oxm-java"},
          {"reference": "libspring-test-java"},
          {"reference": "libspring-transaction-java"},
          {"reference": "libspring-web-java"},
          {"reference": "libspring-web-portlet-java"},
          {"reference": "libspring-web-servlet-java"}
        ]
      }
    ]
  },
  "Ubuntu Linux-14.04": {
    "package_manager": "dpkg-l",
    "constraints": [
      {
        "release": "14.04",
        "pkgs": [
          {"reference": "libspring-java"}
        ]
      }
    ]
  },
  "Ubuntu Linux-16.04": {
    "package_manager": "dpkg-l",
    "constraints": [
      {
        "release": "16.04",
        "pkgs": [
          {"reference": "libspring-java"}
        ]
      }
    ]
  },
  "Ubuntu Linux-18.04": {
    "package_manager": "dpkg-l",
    "constraints": [
      {
        "release": "18.04",
        "pkgs": [
          {"reference": "libspring-java"}
        ]
      }
    ]
  },
  "Ubuntu Linux-20.04": {
    "package_manager": "dpkg-l",
    "constraints": [
      {
        "release": "20.04",
        "pkgs": [
          {"reference": "libspring-java"}
        ]
      }
    ]
  },
  "Ubuntu Linux-22.04": {
    "package_manager": "dpkg-l",
    "constraints": [
      {
        "release": "22.04",
        "pkgs": [
          {"reference": "libspring-java"}
        ]
      }
    ]
  },
  "Ubuntu Linux-24.04": {
    "package_manager": "dpkg-l",
    "constraints": [
      {
        "release": "24.04",
        "pkgs": [
          {"reference": "libspring-java"}
        ]
      }
    ]
  },
  "Ubuntu Linux-25.04": {
    "package_manager": "dpkg-l",
    "constraints": [
      {
        "release": "25.04",
        "pkgs": [
          {"reference": "libspring-java"}
        ]
      }
    ]
  },
  "Ubuntu Linux-25.10": {
    "package_manager": "dpkg-l",
    "constraints": [
      {
        "release": "25.10",
        "pkgs": [
          {"reference": "libspring-java"}
        ]
      }
    ]
  }
};

var distro_constraints_values = linux_unpatched::get_distro_constraints(distro_constraints_arr:distro_constraints_array);
if (empty_or_null(distro_constraints_values)) audit(AUDIT_HOST_NOT, 'affected');
var report = linux_unpatched::check_unpatched_constraints(distro_constraints_values:distro_constraints_values);

if (!empty_or_null(report))
{
  security_report_v4(
      port       : 0,
      severity   : SECURITY_HOLE,
      extra      : report
  );
  exit(0);
}
else
{
  audit(AUDIT_HOST_NOT, 'affected');
}

21 May 2026 00:00Current

7.3High risk

Vulners AI Score7.3

CVSS 3.16.3

EPSS0.00036

SSVC