Vulnerabilities > CVE-2023-34055 - Unspecified vulnerability in VMWare Spring Boot

CVSS 6.5 - MEDIUM

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

LOW

Confidentiality impact

NONE

Integrity impact

NONE

Availability impact

HIGH

network

low complexity

vmware

NVD

Published: 2023-11-28

Updated: 2023-12-21

Summary

In Spring Boot versions 2.7.0 - 2.7.17, 3.0.0-3.0.12 and 3.1.0-3.1.5, it is possible for a user to provide specially crafted HTTP requests that may cause a denial-of-service (DoS) condition. Specifically, an application is vulnerable when all of the following are true: * the application uses Spring MVC or Spring WebFlux * org.springframework.boot:spring-boot-actuator is on the classpath

Vulnerable Configurations

Part	Description	Count
Application	Vmware Vmware Spring Boot 3.1.0 Vmware Spring Boot 3.1.1 Vmware Spring Boot 3.1.2 Vmware Spring Boot 3.0.0 Vmware Spring Boot 3.0.1 Vmware Spring Boot 3.0.2 Vmware Spring Boot 3.0.3 Vmware Spring Boot 3.0.4 Vmware Spring Boot 3.0.5 Vmware Spring Boot 3.0.6 Vmware Spring Boot 3.0.7 Vmware Spring Boot 3.0.8 Vmware Spring Boot 3.0.9 Vmware Spring Boot 2.7.0 Vmware Spring Boot 2.7.1 Vmware Spring Boot 2.7.2 Vmware Spring Boot 2.7.3 Vmware Spring Boot 2.7.4 Vmware Spring Boot 2.7.5 Vmware Spring Boot 2.7.6 Vmware Spring Boot 2.7.7 Vmware Spring Boot 2.7.8 Vmware Spring Boot 2.7.9 Vmware Spring Boot 2.7.10 Vmware Spring Boot 2.7.11 Vmware Spring Boot 2.7.12 Vmware Spring Boot 2.7.13 Vmware Spring Boot 2.7.14	33

Summary

Vulnerable Configurations

References