Overview
- Description
- Applications serving static resources through the functional web frameworks WebMvc.fn or WebFlux.fn are vulnerable to path traversal attacks. An attacker can craft malicious HTTP requests and obtain any file on the file system that is also accessible to the process in which the Spring application is running.

  Specifically, an application is vulnerable when both of the following are true:
  * the web application uses RouterFunctions to serve static resources
  * resource handling is explicitly configured with a FileSystemResource location

  However, malicious requests are blocked and rejected when any of the following is true:
  * the Spring Security HTTP Firewall (https://docs.spring.io/spring-security/reference/servlet/exploits/firewall.html) is in use
  * the application runs on Tomcat or Jetty
- Source
- security@vmware.com
- NVD status
- Awaiting Analysis
Risk scores
CVSS 3.1
- Type
- Secondary
- Base score
- 7.5
- Impact score
- 3.6
- Exploitability score
- 3.9
- Vector string
- CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
- Severity
- HIGH
Social media
- Hype score
- Not currently trending
#Vulnerability #CVE202438816 CVE-2024-38816: Spring Framework Path Traversal Vulnerability Threatens Millions https://t.co/3jJPweFx9s
@Komodosec
22 Oct 2024
14 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Actively exploited CVE : CVE-2024-38816
@transilienceai
20 Oct 2024
10 Impressions
0 Retweets
0 Likes
0 Bookmarks
1 Reply
0 Quotes
Actively exploited CVE : CVE-2024-38816
@transilienceai
10 Impressions
0 Retweets
0 Likes
0 Bookmarks
1 Reply
0 Quotes
Actively exploited CVE : CVE-2024-38816
@transilienceai
9 Impressions
0 Retweets
0 Likes
0 Bookmarks
1 Reply
0 Quotes
Threat Alert: Spring Framework Vulnerability CVE-2024-38819: Path Traversal Risk in Web Apps CVE-2024-38819 CVE-2024-38816 Severity: ⚠️ Critical Maturity: 💢 Emerging Learn more: https://t.co/h668fXpj06 #CyberSecurity #ThreatIntel #InfoSec
@fletch_ai
68 Impressions
1 Retweet
4 Likes
0 Bookmarks
0 Replies
0 Quotes