CVE-2023-20883 – spring-boot: Spring Boot Welcome Page DoS Vulnerability
https://notcve.org/view.php?id=CVE-2023-20883
In Spring Boot versions 3.0.0 - 3.0.6, 2.7.0 - 2.7.11, 2.6.0 - 2.6.14, 2.5.0 - 2.5.14 and older unsupported versions, there is potential for a denial-of-service (DoS) attack if Spring MVC is used together with a reverse proxy cache. A flaw was found in Spring Boot, occurring prominently in Spring MVC with a reverse proxy cache. This issue requires Spring MVC to have auto-configuration enabled and the application to use Spring Boot's welcome page support, either static or templated, resulting in the application being deployed behind a proxy that caches 404 responses. This issue may cause a denial of service (DoS) attack. • https://security.netapp.com/advisory/ntap-20230703-0008 https://spring.io/security/cve-2023-20883 https://access.redhat.com/security/cve/CVE-2023-20883 https://bugzilla.redhat.com/show_bug.cgi?id=2209342 • CWE-400: Uncontrolled Resource Consumption •
CVE-2023-20873 – spring-boot: Security Bypass With Wildcard Pattern Matching on Cloud Foundry
https://notcve.org/view.php?id=CVE-2023-20873
In Spring Boot versions 3.0.0 - 3.0.5, 2.7.0 - 2.7.10, and older unsupported versions, an application that is deployed to Cloud Foundry could be susceptible to a security bypass. Users of affected versions should apply the following mitigation: 3.0.x users should upgrade to 3.0.6+. 2.7.x users should upgrade to 2.7.11+. Users of older, unsupported versions should upgrade to 3.0.6+ or 2.7.11+. A flaw was found in Spring Boot. This targets specifically 'spring-boot-actuator-autoconfigure' package. • https://security.netapp.com/advisory/ntap-20230601-0009 https://spring.io/blog/2023/05/18/spring-boot-2-5-15-and-2-6-15-available-now https://spring.io/security/cve-2023-20873 https://access.redhat.com/security/cve/CVE-2023-20873 https://bugzilla.redhat.com/show_bug.cgi?id=2231491 • CWE-284: Improper Access Control •
CVE-2022-27772
https://notcve.org/view.php?id=CVE-2022-27772
spring-boot versions prior to version v2.2.11.RELEASE was vulnerable to temporary directory hijacking. This vulnerability impacted the org.springframework.boot.web.server.AbstractConfigurableWebServerFactory.createTempDir method. NOTE: This vulnerability only affects products and/or versions that are no longer supported by the maintainer spring-boot versiones anteriores a v2.2.11.RELEASE eran vulnerables a un secuestro de directorios temporales. Esta vulnerabilidad afectaba al método org.springframework.boot.web.server.AbstractConfigurableWebServerFactory.createTempDir. NOTA: Esta vulnerabilidad sólo afecta a productos y/o versiones que ya no son soportadas por el mantenedor • https://github.com/JLLeitschuh/security-research/security/advisories/GHSA-cm59-pr5q-cw85 • CWE-668: Exposure of Resource to Wrong Sphere •
CVE-2021-26987
https://notcve.org/view.php?id=CVE-2021-26987
Element Plug-in for vCenter Server incorporates SpringBoot Framework. SpringBoot Framework versions prior to 1.3.2 are susceptible to a vulnerability which when successfully exploited could lead to Remote Code Execution. All versions of Element Plug-in for vCenter Server, Management Services versions prior to 2.17.56 and Management Node versions through 12.2 contain vulnerable versions of SpringBoot Framework. Element Plug-in para vCenter Server incorpora SpringBoot Framework. Las versiones de SpringBoot Framework anteriores a 1.3.2 son susceptibles a una vulnerabilidad que, cuando es explotada con éxito, podría conllevar a una ejecución de código remota. • https://security.netapp.com/advisory/ntap-20210315-0001 •
CVE-2018-1196
https://notcve.org/view.php?id=CVE-2018-1196
Spring Boot supports an embedded launch script that can be used to easily run the application as a systemd or init.d linux service. The script included with Spring Boot 1.5.9 and earlier and 2.0.0.M1 through 2.0.0.M7 is susceptible to a symlink attack which allows the "run_user" to overwrite and take ownership of any file on the same system. In order to instigate the attack, the application must be installed as a service and the "run_user" requires shell access to the server. Spring Boot application that are not installed as a service, or are not using the embedded launch script are not susceptible. Spring Boot soporta un script de inicio embebido que puede emplearse para ejecuta fácilmente la aplicación como servicio de linux systemd o init.d. • https://pivotal.io/security/cve-2018-1196 • CWE-59: Improper Link Resolution Before File Access ('Link Following') •