VMware Spring Framework < 5.2.21, 5.3.x < 5.3.19 Data Binding Rules Vulnerability

# SPDX-FileCopyrightText: 2022 Greenbone AG
# Some text descriptions might be excerpted from (a) referenced
# source(s), and are Copyright (C) by the respective right holder(s).
#
# SPDX-License-Identifier: GPL-2.0-only

CPE = "cpe:/a:vmware:spring_framework";

if(description)
{
  script_oid("1.3.6.1.4.1.25623.1.0.113905");
  script_version("2024-01-23T05:05:19+0000");
  script_tag(name:"last_modification", value:"2024-01-23 05:05:19 +0000 (Tue, 23 Jan 2024)");
  script_tag(name:"creation_date", value:"2022-04-19 10:56:39 +0000 (Tue, 19 Apr 2022)");
  script_tag(name:"cvss_base", value:"5.0");
  script_tag(name:"cvss_base_vector", value:"AV:N/AC:L/Au:N/C:N/I:P/A:N");
  script_tag(name:"severity_vector", value:"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N");
  script_tag(name:"severity_origin", value:"NVD");
  script_tag(name:"severity_date", value:"2022-05-10 18:49:00 +0000 (Tue, 10 May 2022)");

  script_cve_id("CVE-2022-22968");

  script_name("VMware Spring Framework < 5.2.21, 5.3.x < 5.3.19 Data Binding Rules Vulnerability");
  script_category(ACT_GATHER_INFO);
  script_copyright("Copyright (C) 2022 Greenbone AG");
  script_family("Web application abuses");
  script_dependencies("gb_vmware_spring_framework_consolidation.nasl");
  script_mandatory_keys("vmware/spring/framework/detected");

  script_xref(name:"URL", value:"https://tanzu.vmware.com/security/cve-2022-22968");
  script_xref(name:"URL", value:"https://spring.io/blog/2022/04/13/spring-framework-data-binding-rules-vulnerability-cve-2022-22968");

  script_tag(name:"summary", value:"The VMware Spring Framework is prone to a data binding rules
  vulnerability.");

  script_tag(name:"vuldetect", value:"Checks if a vulnerable version is present on the target host.");

  script_tag(name:"insight", value:"In Spring Framework the patterns for disallowedFields on a
  DataBinder are case sensitive which means a field is not effectively protected unless it is listed
  with both upper and lower case for the first character of the field, including upper and lower
  case for the first character of all nested fields within the property path.");

  script_tag(name:"affected", value:"VMware Spring Framework versions prior to 5.2.21 and 5.3.x
  prior to 5.3.19.

  The following are the requirements for an environment to be affected to this specific
  vulnerability:

  - Registration of 'disallowed field patterns' in a 'DataBinder'

  - spring-webmvc or spring-webflux dependency

  - an affected version of the Spring Framework");

  script_tag(name:"solution", value:"Update to version 5.2.21, 5.3.19 or later.");

  # nb: See affected tag for specific constraints / requirements for being vulnerable.
  script_tag(name:"qod_type", value:"executable_version_unreliable");
  script_tag(name:"solution_type", value:"VendorFix");

  exit(0);
}

include("host_details.inc");
include("version_func.inc");

if( isnull( port = get_app_port( cpe:CPE ) ) )
  exit( 0 );

if( ! infos = get_app_version_and_location( cpe:CPE, port:port, exit_no_version:TRUE ) )
  exit( 0 );

version = infos["version"];
location = infos["location"];

if( version_is_less( version:version, test_version:"5.2.21" ) ) {
  report = report_fixed_ver( installed_version:version, fixed_version:"5.2.21/5.3.19", install_path:location );
  security_message( port:port, data:report );
  exit( 0 );
}

if( version_in_range_exclusive( version:version, test_version_lo:"5.3.0", test_version_up:"5.3.19" ) ) {
  report = report_fixed_ver( installed_version:version, fixed_version:"5.3.19", install_path:location );
  security_message( port:port, data:report );
  exit( 0 );
}

exit( 99 );