Main Vulnerability Database Exploits ID:5933 - Exploit for Path traversal in Spring Cloud Config - CVE-2019-3799

ID:5933 - Exploit for Path traversal in Spring Cloud Config - CVE-2019-3799

Published: June 17, 2021

Vulnerability identifier: #VU18426

Vulnerability risk: Medium

CVE-ID: CVE-2019-3799

CWE-ID: CWE-22

Exploitation vector: Remote access

Vulnerable software:
Spring Cloud Config

Link to public exploit:

https://www.exploit-db.com/exploits/46772/

Vulnerability description

The vulnerability allows a remote attacker to perform directory traversal attacks.

The vulnerability exists because the spring-cloud-config-server module of the affected software allows applications to serve static resources from a file system. A remote attacker can send a specially crafted HTTP request and read, overwrite or delete arbitrary files on the system.

Remediation

Install updates from vendor's website.

ID:5933 - Exploit for Path traversal in Spring Cloud Config - CVE-2019-3799

Link to public exploit:

Vulnerability description

Remediation

Please verify you're human