VMware Spring Framework 6.0.0 - 6.0.13 DoS Vulnerability

2023-11-3000:00:00

plugins.openvas.org

vmware spring framework

denial of service

dos vulnerability

http requests

version 6.0.x

version 6.0.13

version 6.0.14

spring mvc

spring webflux

observationregistry

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

7.8 High

AI Score

Confidence

High

0.0005 Low

EPSS

Percentile

16.4%

JSON

The VMware Spring Framework is prone to a denial of service
(DoS) vulnerability.

# SPDX-FileCopyrightText: 2023 Greenbone AG
# Some text descriptions might be excerpted from (a) referenced
# source(s), and are Copyright (C) by the respective right holder(s).
#
# SPDX-License-Identifier: GPL-2.0-only

CPE = "cpe:/a:vmware:spring_framework";

if(description)
{
  script_oid("1.3.6.1.4.1.25623.1.0.151333");
  script_version("2024-01-23T05:05:19+0000");
  script_tag(name:"last_modification", value:"2024-01-23 05:05:19 +0000 (Tue, 23 Jan 2024)");
  script_tag(name:"creation_date", value:"2023-11-30 07:50:14 +0000 (Thu, 30 Nov 2023)");
  script_tag(name:"cvss_base", value:"7.8");
  script_tag(name:"cvss_base_vector", value:"AV:N/AC:L/Au:N/C:N/I:N/A:C");
  script_tag(name:"severity_vector", value:"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H");
  script_tag(name:"severity_origin", value:"NVD");
  script_tag(name:"severity_date", value:"2023-12-04 19:59:00 +0000 (Mon, 04 Dec 2023)");

  script_cve_id("CVE-2023-34053");

  # nb: See affected tag for specific constraints / requirements for being vulnerable.
  script_tag(name:"qod_type", value:"executable_version_unreliable");

  script_tag(name:"solution_type", value:"VendorFix");

  script_name("VMware Spring Framework 6.0.0 - 6.0.13 DoS Vulnerability");

  script_category(ACT_GATHER_INFO);

  script_copyright("Copyright (C) 2023 Greenbone AG");
  script_family("Denial of Service");
  script_dependencies("gb_vmware_spring_framework_consolidation.nasl");
  script_mandatory_keys("vmware/spring/framework/detected");

  script_tag(name:"summary", value:"The VMware Spring Framework is prone to a denial of service
  (DoS) vulnerability.");

  script_tag(name:"vuldetect", value:"Checks if a vulnerable version is present on the target host.");

  script_tag(name:"insight", value:"It is possible for a user to provide specially crafted HTTP
  requests that may cause a denial of service (DoS) condition.");

  script_tag(name:"affected", value:"VMware Spring Framework version 6.0.x through 6.0.13.

  Specifically, an application is vulnerable when all of the following are true:

  - the application uses Spring MVC or Spring WebFlux

  - io.micrometer:micrometer-core is on the classpath

  - an ObservationRegistry is configured in the application to record observations

  Typically, Spring Boot applications need the org.springframework.boot:spring-boot-actuator
  dependency to meet all conditions.");

  script_tag(name:"solution", value:"Update to version 6.0.14 or later.");

  script_xref(name:"URL", value:"https://spring.io/security/cve-2023-34053");
  script_xref(name:"URL", value:"https://spring.io/blog/2023/11/16/spring-framework-5-3-31-and-6-0-14-available-now/");

  exit(0);
}

include("host_details.inc");
include("version_func.inc");

if (isnull(port = get_app_port(cpe: CPE)))
  exit(0);

if (!infos = get_app_version_and_location(cpe: CPE, port: port, exit_no_version: TRUE))
  exit(0);

version = infos["version"];
location = infos["location"];

if (version_in_range_exclusive(version: version, test_version_lo: "6.0.0", test_version_up: "6.0.14")) {
  report = report_fixed_ver(installed_version: version, fixed_version: "6.0.14", install_path: location);
  security_message(port: port, data: report);
  exit(0);
}

exit(99);