1124 matches found

Github Security Blog
added 2024/01/22 3:30 p.m., 55 views

Spring Framework server Web DoS Vulnerability

In Spring Framework versions 6.0.15 and 6.1.2, it is possible for a user to provide specially crafted HTTP requests that may cause a denial-of-service DoS condition. Specifically, an application is vulnerable when all of the following are true: the application uses Spring MVC Spring Security 6.1....

CVSS 7.5, AI score 7.4, EPSS 0.01539
Exploits: 0, References: 4, Affected Software: 1
OSV
added 2024/01/22 3:30 p.m., 1 view

GHSA-R4Q3-7G4Q-X89M Spring Framework server Web DoS Vulnerability

In Spring Framework versions 6.0.15 and 6.1.2, it is possible for a user to provide specially crafted HTTP requests that may cause a denial-of-service DoS condition. Specifically, an application is vulnerable when all of the following are true: the application uses Spring MVC Spring Security 6.1....

CVSS 7.5, AI score 7.1, EPSS 0.01539
Exploits: 0, References: 3
NVD
added 2024/01/22 1:15 p.m., 26 views

CVE-2024-22233

In Spring Framework versions 6.0.15 and 6.1.2, it is possible for a user to provide specially crafted HTTP requests that may cause a denial-of-service DoS condition. Specifically, an application is vulnerable when all of the following are true: the application uses Spring MVC Spring Security 6.1....

CVSS 7.5, AI score 7.5, EPSS 0.01539
Exploits: 0, References: 2
OSV
added 2024/01/22 1:15 p.m., 21 views

CVE-2024-22233

In Spring Framework versions 6.0.15 and 6.1.2, it is possible for a user to provide specially crafted HTTP requests that may cause a denial-of-service DoS condition. Specifically, an application is vulnerable when all of the following are true: the application uses Spring MVC Spring Security 6.1....

CVSS 7.5, AI score 7.4, EPSS 0.01539
Exploits: 0, References: 2
Prion
added 2024/01/22 1:15 p.m., 26 views

Memory corruption

In Spring Framework versions 6.0.15 and 6.1.2, it is possible for a user to provide specially crafted HTTP requests that may cause a denial-of-service DoS condition. Specifically, an application is vulnerable when all of the following are true: the application uses Spring MVC Spring Security 6.1....

CVSS 5, AI score 7.4, EPSS 0.01539
Exploits: 0, References: 1, Affected Software: 1
UbuntuCve
added 2024/01/22 1:15 p.m., 35 views

CVE-2024-22233

In Spring Framework versions 6.0.15 and 6.1.2, it is possible for a user to provide specially crafted HTTP requests that may cause a denial-of-service DoS condition. Specifically, an application is vulnerable when all of the following are true: the application uses Spring MVC Spring Security 6.1....

CVSS 7.5, AI score 7.1, EPSS 0.01539
Exploits: 0, References: 2
Vulnrichment
added 2024/01/22 12:16 p.m., 2 views

CVE-2024-22233 CVE-2024-22233: Spring Framework server Web DoS Vulnerability

In Spring Framework versions 6.0.15 and 6.1.2, it is possible for a user to provide specially crafted HTTP requests that may cause a denial-of-service DoS condition. Specifically, an application is vulnerable when all of the following are true: the application uses Spring MVC Spring Security 6.1....

CVSS 7.5, AI score 7.4, EPSS 0.01539
Exploits: 0, References: 2
Cvelist
added 2024/01/22 12:16 p.m., 32 views

CVE-2024-22233 CVE-2024-22233: Spring Framework server Web DoS Vulnerability

In Spring Framework versions 6.0.15 and 6.1.2, it is possible for a user to provide specially crafted HTTP requests that may cause a denial-of-service DoS condition. Specifically, an application is vulnerable when all of the following are true: the application uses Spring MVC Spring Security 6.1....

CVSS 7.5, AI score 7.7, EPSS 0.01539
Exploits: 0, References: 2
Debian CVE
added 2024/01/22 12:16 p.m., 32 views

CVE-2024-22233

In Spring Framework versions 6.0.15 and 6.1.2, it is possible for a user to provide specially crafted HTTP requests that may cause a denial-of-service DoS condition. Specifically, an application is vulnerable when all of the following are true: the application uses Spring MVC Spring Security 6.1....

CVSS 7.5, AI score 7.4, EPSS 0.01539
Exploits: 0
Spring Engineering
added 2024/01/22 12:0 a.m., 24 views

This Week in Spring - January 23rd, 2024

Hi, Spring fans, and greetings from CERN, home of the famous Large Hadron Collider, where I'm speaking again at the VOXXED Days CERN 2017 event. It's been an amazing almost week here in lovely Switzerland, first in Lugano for VOXXED Days Ticino, and now in Geneva. I'm super excited to be here, bu...

CVSS 5, AI score 7.1, EPSS 0.01539
Exploits: 0
Spring Engineering
added 2024/01/19 12:0 a.m., 10 views

Spring Security 6.3 Adds Passive JDK Serialization/Deserialization for Seamless Upgrades

In the early versions of Spring Security, a deliberate decision was made to avoid providing any guarantee of compatibility for serialized classes via JDK serialization between different versions of the project. This decision primarily took into account the context of RMI, with the recommendation...

AI score 7
Exploits: 0
IBM Security Bulletins
added 2023/12/20 2:34 p.m., 44 views

Security Bulletin: IBM Security Guardium is affected by a multiple vulnerabilities (CVE-2023-39975, CVE-2023-34042)

Summary IBM Security Guardium has fixed these vulnerabilities Vulnerability Details CVEID:CVE-2023-39975 DESCRIPTION: MIT Kerberos 5 aka krb5 is vulnerable to a denial of service, caused by a double free in KDC TGS processing. By sending a specially crafted request, a remote authenticated attacke...

CVSS 8.8, AI score 7.1, EPSS 0.01226
Exploits: 0, Affected Software: 1
Spring Engineering
added 2023/12/19 12:0 a.m., 8 views

This Week in Spring - December 19th, 2023

Hi, Spring fans! Welcome to another oh-so-festive edition of This Week in Spring! the Spring Authorization Server 1.2.1, 1.1.14, and 0.4.5, are now available Spring AMQP 3.1.1 is now available Spring Security 5.8.9, 6.1.6, 6.2.1 are now available Spring for Apache Kafka 3.1.1 is now available...

AI score 7.1
Exploits: 0
IBM Security Bulletins
added 2023/12/15 2:52 p.m., 28 views

Security Bulletin: Vulnerability in Spring Security affects IBM Process Mining CVE-2023-34042

Summary There is a vulnerability in Spring Security that could allow a local authenticated attacker to bypass security restrictions on the system. The code is used by IBM Process Mining. This bulletin identifies the security fixes to apply to address the vulnerability. Vulnerability Details...

CVSS 5.5, AI score 5.2, EPSS 0.00043
Exploits: 0, Affected Software: 1
vulnersOsv
added 2023/12/13 1:33 p.m., 2 views

com.sap.cds:cds-starter-cloudfoundry (>=2.2.0 <=2.4.0), com.sap.cds:cds-starter-k8s (>=2.2.0 <=2.4.0) +5 more potentially affected by CVE-2023-50422 +1 more via com.sap.cloud.security:spring-security (>=3.0.0 <=3.2.1)

com.sap.cloud.security:spring-security MAVEN version =3.0.0, =2.2.0, =2.2.0, =1.0.4, =3.0.0, =2.0.0, =2.0.0, =2.0.0, =2.4.0 Source cves: CVE-2023-50422, CVE-2023-50424 Source advisory: OSV:GHSA-59C9-PXQ8-9C73...

CVSS 9.8, AI score 7.2, EPSS 0.00538
Exploits: 0
vulnersOsv
added 2023/12/13 1:33 p.m., 1 view

com.sap.cloud.security:resourceserver-security-spring-boot-starter (>=0.1.0 <=2.16.0) potentially affected by CVE-2023-50422 +1 more via com.sap.cloud.security:spring-security (>=0.1.0 <=2.16.0)

com.sap.cloud.security:spring-security MAVEN version =0.1.0, =0.1.0, =2.16.0 Source cves: CVE-2023-50422, CVE-2023-50424 Source advisory: OSV:GHSA-59C9-PXQ8-9C73...

CVSS 9.8, AI score 7.2, EPSS 0.00538
Exploits: 0
IBM Security Bulletins
added 2023/12/12 5:56 p.m., 45 views

Security Bulletin: IBM Automation Decision Services November 2023 - Multiple CVEs addressed

Summary IBM Automation Decision Services is vulnerable to denial of service attacks in third party and open source used in the product for various functions. See full list below. This vulnerability has been addressed. Vulnerability Details CVEID:CVE-2023-46233 DESCRIPTION: Brix crypto-js could...

CVSS 9.8, AI score 8.9, EPSS 0.4929
Exploits: 6, Affected Software: 1
Spring Engineering
added 2023/12/12 12:0 a.m., 8 views

This Week in Spring - December 12th, 2023

Hi, Spring fans! Welcome to a new installment of This Week in Spring! We've got a ton of stuff to get into, so let's dive right in! Laur Spilca and I look at how to upgrade a Spring Security 5.x application to Spring Security 6.x. Apache SkyWalking with Sheng Wu and Apache ShardingSphere with...

AI score 7.1
Exploits: 0
GithubExploit
added 2023/12/02 10:51 a.m., 250 views

Exploit for Improper Preservation of Permissions in Vmware Spring_Security

cve-2023-34034 Demonstration of CVE-2023-34034 aut...

CVSS 9.8, AI score 8.7, EPSS 0.4929
Exploits: 1
IBM Security Bulletins
added 2023/12/01 7:19 p.m., 35 views

Security Bulletin: VMware Tanzu Spring Security is vulnerable to CVE-2023-34042 used in IBM Maximo Application Suite - Monitor Component

Summary IBM Maximo Application Suite - Monitor Component uses VMware Tanzu Spring Security, which is vulnerable to CVE-2023-34042. This bulletin identifies the steps to take to address the vulnerability. Vulnerability Details CVEID:CVE-2023-34042 DESCRIPTION: VMware Tanzu Spring Security could...

CVSS 5.5, AI score 4.9, EPSS 0.00043
Exploits: 0, Affected Software: 1