Main Vulnerability Database Exploits ID:4555 - Exploit for Path traversal in Spring Cloud Config - CVE-2019-3799

ID:4555 - Exploit for Path traversal in Spring Cloud Config - CVE-2019-3799

Published: September 1, 2020

Vulnerability identifier: #VU18426

Vulnerability risk: Medium

CVE-ID: CVE-2019-3799

CWE-ID: CWE-22

Exploitation vector: Remote access

Vulnerable software:
Spring Cloud Config

Link to public exploit:

https://github.com/DSO-Lab/defvul

Vulnerability description

The vulnerability allows a remote attacker to perform directory traversal attacks.

The vulnerability exists because the spring-cloud-config-server module of the affected software allows applications to serve static resources from a file system. A remote attacker can send a specially crafted HTTP request and read, overwrite or delete arbitrary files on the system.

Remediation

Install updates from vendor's website.

ID:4555 - Exploit for Path traversal in Spring Cloud Config - CVE-2019-3799

Link to public exploit:

Vulnerability description

Remediation

Please verify you're human