
1242 matches found

Github Security Blog
added 2023/05/26 6:30 p.m. · 58 views

Spring Boot Welcome Page Denial of Service

In Spring Boot versions 3.0.0 - 3.0.6, 2.7.0 - 2.7.11, 2.6.0 - 2.6.14, 2.5.0 - 2.5.14 and older unsupported versions, there is potential for a denial-of-service (DoS) attack if Spring MVC is used together with a reverse proxy cache. Specifically, an application is vulnerable if all of the condition...

7.5 CVSS · 6.7 AI score · 0.0069 EPSS
Exploits 0 · References 9 · Affected Software 1
ATTACKERKB
added 2023/05/26 5:15 p.m. · 1 views

CVE-2023-20883

In Spring Boot versions 3.0.0 - 3.0.6, 2.7.0 - 2.7.11, 2.6.0 - 2.6.14, 2.5.0 - 2.5.14 and older unsupported versions, there is potential for a denial-of-service (DoS) attack if Spring MVC is used together with a reverse proxy cache...

7.5 CVSS · 7.1 AI score · 0.0069 EPSS
Exploits 0 · References 3
OSV
added 2023/05/26 5:15 p.m. · 32 views

CVE-2023-20883

In Spring Boot versions 3.0.0 - 3.0.6, 2.7.0 - 2.7.11, 2.6.0 - 2.6.14, 2.5.0 - 2.5.14 and older unsupported versions, there is potential for a denial-of-service (DoS) attack if Spring MVC is used together with a reverse proxy cache...

7.5 CVSS · 7.1 AI score · 0.0069 EPSS
Exploits 0 · References 2
NVD
added 2023/05/26 5:15 p.m. · 22 views

CVE-2023-20883

In Spring Boot versions 3.0.0 - 3.0.6, 2.7.0 - 2.7.11, 2.6.0 - 2.6.14, 2.5.0 - 2.5.14 and older unsupported versions, there is potential for a denial-of-service (DoS) attack if Spring MVC is used together with a reverse proxy cache...

7.5 CVSS · 8.5 AI score · 0.0069 EPSS
Exploits 0 · References 2
Prion
added 2023/05/26 5:15 p.m. · 22 views

Default configuration

In Spring Boot versions 3.0.0 - 3.0.6, 2.7.0 - 2.7.11, 2.6.0 - 2.6.14, 2.5.0 - 2.5.14 and older unsupported versions, there is potential for a denial-of-service (DoS) attack if Spring MVC is used together with a reverse proxy cache...

5 CVSS · 8.4 AI score · 0.0069 EPSS
Exploits 0 · References 2 · Affected Software 1
Vulnrichment
added 2023/05/26 12:0 a.m. · 13 views

CVE-2023-20883

In Spring Boot versions 3.0.0 - 3.0.6, 2.7.0 - 2.7.11, 2.6.0 - 2.6.14, 2.5.0 - 2.5.14 and older unsupported versions, there is potential for a denial-of-service (DoS) attack if Spring MVC is used together with a reverse proxy cache...

6.8 AI score · 0.0069 EPSS
Exploits 0 · References 2
CVE
added 2023/05/26 12:0 a.m. · 290 views

CVE-2023-20883

CVE-2023-20883: DoS potential in Spring Boot / Spring MVC when used with a reverse proxy cache. Affects Spring Boot versions 3.0.0–3.0.6; 2.7.0–2.7.11; 2.6.0–2.6.14; 2.5.0–2.5.14 and older unsupported releases. IBM security bulletin corroborates this and lists a remediation: upgrade IBM Library ...

7.5 CVSS · 7.4 AI score · 0.0069 EPSS
Exploits 0 · References 2 · Affected Software 1
Cvelist
added 2023/05/26 12:0 a.m. · 29 views

CVE-2023-20883

In Spring Boot versions 3.0.0 - 3.0.6, 2.7.0 - 2.7.11, 2.6.0 - 2.6.14, 2.5.0 - 2.5.14 and older unsupported versions, there is potential for a denial-of-service (DoS) attack if Spring MVC is used together with a reverse proxy cache...

7.8 AI score · 0.0069 EPSS
Exploits 0 · References 2
CNNVD
added 2023/05/25 12:0 a.m. · 3 views

IceCMS Security Vulnerability

IceCMS is a content management system based on Spring Boot + Vue front-end and back-end separation. An access control error vulnerability exists in IceCMS v1.0.0, which stems from improper access control in the system and can be exploited by an attacker to cause sensitive information leakage...

7.5 CVSS · 6.5 AI score · 0.00257 EPSS
Exploits 1 · References 2
RedhatCVE
added 2023/05/23 3:10 p.m. · 43 views

CVE-2023-20883

A flaw was found in Spring Boot, occurring prominently in Spring MVC with a reverse proxy cache. This issue requires Spring MVC to have auto-configuration enabled and the application to use Spring Boot's welcome page support, either static or templated, resulting in the application being deployed...

7.5 CVSS · 6.6 AI score · 0.0069 EPSS
Exploits 0 · References 3
Spring Engineering
added 2023/05/23 12:0 a.m. · 92 views

This Week in Spring - May 23rd, 2023

Hi, Spring fans! Welcome to another installment of This Week in Spring! It's May 23rd and, famously, nothing major has happened in the last week OH WAIT WE RELEASED SPRING BOOT 3.1! Have you checked it out yet? It's dope. I did a Spring Tips installment looking at some of its features here that y...

5 CVSS · 6.7 AI score · 0.0069 EPSS
Exploits 0
OpenVAS
added 2023/05/22 12:0 a.m. · 18 views

VMware Spring Boot < 2.5.15, 2.6.x < 2.6.15, 2.7.x < 2.7.12, 3.0.x < 3.0.7 DoS Vulnerability

VMware Spring Boot is prone to a denial of service (DoS) vulnerability...

7.5 CVSS · 8.4 AI score · 0.0069 EPSS
Exploits 0 · References 4
Positive Technologies
added 2023/05/19 12:0 a.m. · 1 views

PT-2023-17687 · Spring · Spring Boot

Name of the Vulnerable Software and Affected Versions: Spring Boot versions 2.5.0 through 2.5.14 Spring Boot versions 2.6.0 through 2.6.14 Spring Boot versions 2.7.0 through 2.7.11 Spring Boot versions 3.0.0 through 3.0.6 Spring Boot older unsupported versions Description: There is potential for ...

7.5 CVSS · 7.7 AI score · 0.0069 EPSS
Exploits 0 · References 14
Spring Engineering
added 2023/05/18 12:0 a.m. · 13 views

A Bootiful Podcast: Grubhub's Josh Burns on Kotlin, Spring Boot, and more

We're crossing the streams, again! This time Josh Long talks to Grubhub's John Burns (twitter: @wakingrufus, mastodon: @[email protected]) about dogfooding human food, Grubhub's tech stack, and more...

6.9 AI score
Exploits 0
Spring Engineering
added 2023/05/16 12:0 a.m. · 22 views

This Week in Spring - May 16th 2023

My friends, Spring Boot 3.1 is nearly upon us! It drops on 18 May, in just a few short days! There are a ton of amazing features in this new release and I hope you're already trying it out you know where. Here are some of my favorite features: Built in Docker Compose support - Have a...

6.8 AI score
Exploits 0
Veracode
added 2023/05/12 1:51 a.m. · 17 views

Path Traversal

spring-boot-actuator-logview is vulnerable to Path Traversal. The vulnerability exists in the securityCheck function of LogViewEndpoint.java because it does not properly validate relative paths, allowing an attacker to access files outside the expected directory through the path such as /usr/outn...

5.3 CVSS · 6.4 AI score · 0.00369 EPSS
Exploits 0 · References 2 · Affected Software 1
OSV
added 2023/05/11 2:15 a.m. · 1 views

CVE-2023-29986

spring-boot-actuator-logview 0.2.13 allows Directory Traversal to sibling directories via LogViewEndpoint.view...

5.3 CVSS · 6.1 AI score
Exploits 0 · References 1
NVD
added 2023/05/11 2:15 a.m. · 6 views

CVE-2023-29986

spring-boot-actuator-logview 0.2.13 allows Directory Traversal to sibling directories via LogViewEndpoint.view...

5.3 CVSS · 6.3 AI score · 0.00369 EPSS
Exploits 0 · References 1
Prion
added 2023/05/11 2:15 a.m. · 11 views

Directory traversal

spring-boot-actuator-logview 0.2.13 allows Directory Traversal to sibling directories via LogViewEndpoint.view...

5 CVSS · 5.2 AI score · 0.00369 EPSS
Exploits 0 · References 1 · Affected Software 1
CNNVD
added 2023/05/11 12:0 a.m. · 3 views

Lukashinsch Spring Boot Actuator Logview Path Traversal Vulnerability

Lukashinsch Spring Boot Actuator Logview is a codebase by Lukashinsch, an individual developer, that provides Spring Boot with the ability to view logs through a web interface. A security vulnerability exists in Lukashinsch Spring Boot Actuator Logview version 0.2.13. An attacker could exploit th...

5.3 CVSS · 6 AI score · 0.00369 EPSS
Exploits 0 · References 3