ID:11000 - Exploit for Path traversal in Pivotal Spring Framework - CVE-2024-38819

CSH
CYBERSECURITY HELP
Sign In REGISTER
 
Main Vulnerability Database Exploits ID:11000 - Exploit for Path traversal in Pivotal Spring Framework - CVE-2024-38819

ID:11000 - Exploit for Path traversal in Pivotal Spring Framework - CVE-2024-38819

Published: December 19, 2024


Vulnerability identifier: #VU98796
Vulnerability risk: Medium
CVE-ID: CVE-2024-38819
CWE-ID: CWE-22
Exploitation vector: Remote access
Vulnerable software:
Pivotal Spring Framework

Link to public exploit:


Vulnerability description

The vulnerability allows a remote attacker to perform directory traversal attacks.

The vulnerability exists due to input validation error when processing directory traversal sequences in applications that serve static resources through the functional web frameworks WebMvc.fn or WebFlux.fn. A remote attacker can send a specially crafted HTTP request and read arbitrary files on the system.


Remediation

Install update from vendor's website.