VMware Spring Framework 6.0.15 / 6.1.2 DoS Vulnerability

2024-01-2200:00:00

plugins.openvas.org

vmware spring framework

denial of service

dos

specially crafted http requests

vulnerability

fixed version

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

7.5 High

AI Score

Confidence

High

0.0005 Low

EPSS

Percentile

16.4%

JSON

The VMware Spring Framework is prone to a denial of service
(DoS) vulnerability.

# SPDX-FileCopyrightText: 2024 Greenbone AG
# Some text descriptions might be excerpted from (a) referenced
# source(s), and are Copyright (C) by the respective right holder(s).
#
# SPDX-License-Identifier: GPL-2.0-only

CPE = "cpe:/a:vmware:spring_framework";

if(description)
{
  script_oid("1.3.6.1.4.1.25623.1.0.114297");
  script_version("2024-01-30T14:37:03+0000");
  script_tag(name:"last_modification", value:"2024-01-30 14:37:03 +0000 (Tue, 30 Jan 2024)");
  script_tag(name:"creation_date", value:"2024-01-22 13:56:15 +0000 (Mon, 22 Jan 2024)");
  script_tag(name:"cvss_base", value:"7.8");
  script_tag(name:"cvss_base_vector", value:"AV:N/AC:L/Au:N/C:N/I:N/A:C");
  script_tag(name:"severity_vector", value:"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H");
  script_tag(name:"severity_origin", value:"NVD");
  script_tag(name:"severity_date", value:"2024-01-29 17:24:00 +0000 (Mon, 29 Jan 2024)");

  script_cve_id("CVE-2024-22233");

  # nb: See affected tag for specific constraints / requirements for being vulnerable.
  script_tag(name:"qod_type", value:"executable_version_unreliable");

  script_tag(name:"solution_type", value:"VendorFix");

  script_name("VMware Spring Framework 6.0.15 / 6.1.2 DoS Vulnerability");

  script_category(ACT_GATHER_INFO);

  script_copyright("Copyright (C) 2024 Greenbone AG");
  script_family("Denial of Service");
  script_dependencies("gb_vmware_spring_framework_consolidation.nasl");
  script_mandatory_keys("vmware/spring/framework/detected");

  script_tag(name:"summary", value:"The VMware Spring Framework is prone to a denial of service
  (DoS) vulnerability.");

  script_tag(name:"vuldetect", value:"Checks if a vulnerable version is present on the target host.");

  script_tag(name:"insight", value:"In Spring Framework it is possible for a user to provide
  specially crafted HTTP requests that may cause a DoS condition.");

  script_tag(name:"affected", value:"VMware Spring Framework versions 6.0.15 and 6.1.2 only. Older
  versions are not affected.

  Specifically, an application is vulnerable when all of the following are true:

  - the application uses Spring MVC

  - Spring Security 6.1.6+ or 6.2.1+ is on the classpath

  Typically, Spring Boot applications need the org.springframework.boot:spring-boot-starter-web and
  org.springframework.boot:spring-boot-starter-security dependencies to meet all conditions.");

  script_tag(name:"solution", value:"Update to version 6.0.16, 6.1.3 or later.");

  script_xref(name:"URL", value:"https://spring.io/security/cve-2024-22233/");
  script_xref(name:"URL", value:"https://spring.io/blog/2024/01/11/spring-framework-6-1-3-and-6-0-16-available-now/");

  exit(0);
}

include("host_details.inc");
include("version_func.inc");

if (isnull(port = get_app_port(cpe: CPE)))
  exit(0);

if (!infos = get_app_version_and_location(cpe: CPE, port: port, exit_no_version: TRUE))
  exit(0);

version = infos["version"];
location = infos["location"];

if (version_is_equal(version: version, test_version: "6.0.15")) {
  report = report_fixed_ver(installed_version: version, fixed_version: "6.0.16", install_path: location);
  security_message(port: port, data: report);
  exit(0);
}

if (version_is_equal(version: version, test_version: "6.1.2")) {
  report = report_fixed_ver(installed_version: version, fixed_version: "6.1.3", install_path: location);
  security_message(port: port, data: report);
  exit(0);
}

exit(99);