Veracode Vulnerability DatabaseVERACODE:35201Denial Of Service (DoS)
6.5 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
4 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
SINGLE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:L/Au:S/C:N/I:N/A:P
Spring Security OAuth is vulnerable to denial of service. The vulnerability exists due to a lack of restriction of the number of request initiating the Authorization Request for the Authorization Code Grant allowing an attacker to exhaust the system resources sending multiple requests with a single session.
References
github.com/spring-projects/spring-security-oauth/commit/2b58aafecac336e82f20ea43da9b208b0a4a40dd
github.com/spring-projects/spring-security-oauth/commit/3379a36e64c13e4118c7e179f3a874a64de5f5a2
github.com/spring-projects/spring-security-oauth/commit/e96d2c738757146234c7e8a1962a7a755776b512
github.com/spring-projects/spring-security-oauth/issues/142
spring.io/blog/2022/04/21/cve-report-published-for-spring-security-oauth
tanzu.vmware.com/security/cve-2022-22969
www.oracle.com/security-alerts/cpujul2022.html
Related
6.5 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
4 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
SINGLE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:L/Au:S/C:N/I:N/A:P