193 matches found

Prion
added 2023/11/28 9:15 a.m. · 25 views

Design/Logic Flaw

In Spring Boot versions 2.7.0 - 2.7.17, 3.0.0-3.0.12 and 3.1.0-3.1.5, it is possible for a user to provide specially crafted HTTP requests that may cause a denial-of-service DoS condition. Specifically, an application is vulnerable when all of the following are true: the application uses Spring M...

CVSS 4 · AI score 6.8 · EPSS 0.01219
Exploits 0 · References 2 · Affected Software 1

OSV
added 2023/11/28 9:15 a.m. · 6 views

UBUNTU-CVE-2023-34053

In Spring Framework versions 6.0.0 - 6.0.13, it is possible for a user to provide specially crafted HTTP requests that may cause a denial-of-service DoS condition. Specifically, an application is vulnerable when all of the following are true: the application uses Spring MVC or Spring WebFlux...

CVSS 7.5 · AI score 6.8 · EPSS 0.0115
Exploits 0 · References 3

CVE
added 2023/11/28 8:27 a.m. · 164 views

CVE-2023-34055

CVE-2023-34055 concerns denial-of-service in Spring Boot when using Spring MVC/WebFlux and the actuator JAR on the classpath. Affected are Spring Boot versions 2.7.0–2.7.17, 3.0.0–3.0.12, and 3.1.0–3.1.5. The DoS condition arises from specially crafted HTTP requests; exploitation requires the aff...

CVSS 6.5 · AI score 6.2 · EPSS 0.01219
Exploits 0 · References 2 · Affected Software 1

Cvelist
added 2023/11/28 8:27 a.m. · 24 views

CVE-2023-34055 Spring Boot server Web Observations DoS Vulnerability

In Spring Boot versions 2.7.0 - 2.7.17, 3.0.0-3.0.12 and 3.1.0-3.1.5, it is possible for a user to provide specially crafted HTTP requests that may cause a denial-of-service DoS condition. Specifically, an application is vulnerable when all of the following are true: the application uses Spring M...

CVSS 5.3 · AI score 6.8 · EPSS 0.01219
Exploits 0 · References 2

Cvelist
added 2023/11/28 8:10 a.m. · 41 views

CVE-2023-34053 Spring Framework server Web Observations DoS Vulnerability

In Spring Framework versions 6.0.0 - 6.0.13, it is possible for a user to provide specially crafted HTTP requests that may cause a denial-of-service DoS condition. Specifically, an application is vulnerable when all of the following are true: the application uses Spring MVC or Spring WebFlux...

CVSS 5.3 · AI score 7.7 · EPSS 0.0115
Exploits 0 · References 2

Debian CVE
added 2023/11/28 8:10 a.m. · 32 views

CVE-2023-34053

In Spring Framework versions 6.0.0 - 6.0.13, it is possible for a user to provide specially crafted HTTP requests that may cause a denial-of-service DoS condition. Specifically, an application is vulnerable when all of the following are true: the application uses Spring MVC or Spring WebFlux...

CVSS 7.5 · AI score 6.8 · EPSS 0.0115
Exploits 0

Positive Technologies
added 2023/11/28 12:00 a.m. · 5 views

PT-2023-7931 · Spring · Spring Boot

Name of the Vulnerable Software and Affected Versions: Spring Boot versions 2.7.0 through 2.7.17 Spring Boot versions 3.0.0 through 3.0.12 Spring Boot versions 3.1.0 through 3.1.5 Description: The issue is related to the Spring Boot framework, where an application can be vulnerable to a...

CVSS 6.8 · AI score 6.5 · EPSS 0.01219
Exploits 0 · References 13

Tenable Nessus
added 2023/09/27 12:00 a.m. · 33 views

Amazon Linux 2 : tomcat (ALASTOMCAT8.5-2023-005)

The version of tomcat installed on the remote host is prior to 8.5.79-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2TOMCAT8.5-2023-005 advisory. A flaw was found in Spring Framework, specifically within two modules called Spring MVC and Spring WebFlux,...

CVSS 9.8 · AI score 7.8 · EPSS 0.99677
Exploits 105 · References 6

Amazon
added 2023/09/25 12:00 a.m. · 10 views

Important: tomcat

Issue Overview: A flaw was found in Spring Framework, specifically within two modules called Spring MVC and Spring WebFlux, transitively affected from Spring Beans, using parameter data binding. This flaw allows an attacker to pass specially-constructed malicious requests to certain parameters an...

CVSS 9.8 · AI score 7 · EPSS 0.99677
Exploits 105

Amazon
added 2023/09/25 12:00 a.m. · 9 views

Important: tomcat

Issue Overview: A flaw was found in Spring Framework, specifically within two modules called Spring MVC and Spring WebFlux, transitively affected from Spring Beans, using parameter data binding. This flaw allows an attacker to pass specially-constructed malicious requests to certain parameters an...

CVSS 9.8 · AI score 7 · EPSS 0.99677
Exploits 100

GithubExploit
added 2023/09/02 10:41 a.m. · 356 views

Exploit for Code Injection in Vmware Spring_Framework

Spring4Shell: CVE-2022-22965 RCE Java Spring framework RCE...

CVSS 9.8 · AI score 9.2 · EPSS 0.99677
Exploits 100

OSV
added 2023/07/19 3:15 p.m. · 38 views

CVE-2023-34034

Using "**" as a pattern in Spring Security configuration for WebFlux creates a mismatch in pattern matching between Spring Security and Spring WebFlux, and the potential for a security bypass...

CVSS 9.8 · AI score 7.2 · EPSS 0.03465
Exploits 1 · References 2

CVE
added 2023/07/19 2:16 p.m. · 300 views

CVE-2023-34034

CVE-2023-34034 is documented in IBM security bulletins as affecting VMware Tanzu Spring Security when using "**" as a pattern in WebFlux configuration, causing a pattern-matching bypass. The IBM bulletin assigns a CVSS v3.0 base score of 9.1 (Impact: Confidentiality High, Integrity High, Availabi...

CVSS 9.8 · AI score 9.2 · EPSS 0.03465
Exploits 1 · References 2 · Affected Software 1

Veracode
added 2023/07/18 7:16 a.m. · 27 views

Improper Neutralization Of HTTP Headers

Spring HATEOAS is vulnerable to Improper Neutralization Of HTTP Headers. The vulnerability is due to not sanitizing or stripping the "Forwarded", "X-Forwarded-Host", "X-Forwarded-Port" or "X-Forwarded-Proto" headers. This can allow an attacker to spoof these header values, thereby bypassing securi...

CVSS 5.3 · AI score 6.8 · EPSS 0.00403
Exploits 0 · References 3 · Affected Software 1

OSV
added 2023/07/17 12:30 p.m. · 0 views

GHSA-7M5C-FGWF-MWPH Spring HATEOAS vulnerable to Improper Neutralization of HTTP Headers for Scripting Syntax

Reactive web applications that use Spring HATEOAS to produce hypermedia-based responses might be exposed to malicious forwarded headers if they are not behind a trusted proxy that ensures correctness of such headers, or if they don't have anything else in place to handle and possibly discard...

CVSS 5.3 · AI score 5.9 · EPSS 0.00403
Exploits 0 · References 3

Positive Technologies
added 2023/07/17 12:00 a.m. · 7 views

PT-2023-3578 · Spring · Spring Webflux

Name of the Vulnerable Software and Affected Versions: Spring WebFlux versions affected versions not specified Description: Using "**" as a pattern in Spring Security configuration for WebFlux creates a mismatch in pattern matching between Spring Security and Spring WebFlux, and the potential for a...

CVSS 10 · AI score 7.8 · EPSS 0.03465
Exploits 2 · References 32

IBM Security Bulletins
added 2023/01/12 9:59 p.m. · 30 views

Security Bulletin: IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data is affected but not classified as vulnerable by a remote code execution in Spring Framework (CVE-2022-22965)

Summary IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data is affected but not classified as vulnerable to a remote code execution in Spring Framework CVE-2022-22965 as it does not meet all of the following criteria: 1. JDK 9 or higher, 2. Apache Tomcat as the Servlet container, 3...

CVSS 9.8 · AI score 9.1 · EPSS 0.99677
Exploits 100 · Affected Software 1

Spring Security Advisories
added 2022/10/20 12:45 p.m. · 144 views

CVE-2022-31684: Reactor Netty HTTP Server may log request headers

The Reactor Netty 1.0.24 release on October 11 included a fix for CVE-2022-31684 affecting Reactor Netty HTTP Server. Users are encouraged to update as soon as possible. Reactor Netty is used internally in many frameworks including Spring WebFlux and its WebClient. If you have a Spring Boot...

AI score 1.2 · EPSS 0.00604
Exploits 0

IBM Security Bulletins
added 2022/10/01 12:45 a.m. · 50 views

Security Bulletin: IBM Case Manager is affected but not classified as vulnerable to a remote code execution in Spring Framework [CVE-2022-22965]

Summary IBM Case Manager is affected but not classified as vulnerable to a remote code execution in Spring Framework CVE-2022-22965. To be vulnerable a product must meet all of the following criteria: 1. JDK 9 or higher, 2. Apache Tomcat as the Servlet container, 3. Packaged as WAR in contrast t...

CVSS 9.8 · AI score 9.1 · EPSS 0.99677
Exploits 100 · Affected Software 1

IBM Security Bulletins
added 2022/08/03 8:07 p.m. · 99 views

Security Bulletin: IBM Sterling B2B Integrator is affected by a remote code execution in Spring Framework (CVE-2022-22965)

Summary IBM Sterling B2B Integrator is affected but not classified as vulnerable to a remote code execution in Spring Framework CVE-2022-22965 as it does not meet all of the following criteria: 1. JDK 9 or higher, 2. Apache Tomcat as the Servlet container, 3. Packaged as WAR in contrast to a Spri...

CVSS 9.8 · AI score 9.2 · EPSS 0.99677
Exploits 100 · Affected Software 1