Input validation error in Pivotal Spring Framework

#VU83582 Input validation error in Pivotal Spring Framework

Published: 2023-11-29

Vulnerability identifier: #VU83582

Vulnerability risk: Medium

CVSSv3.1: 6.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-34053

CWE-ID: CWE-20

Exploitation vector: Network

Exploit availability: No

Vulnerable software:
Pivotal Spring Framework
Server applications / Frameworks for developing and running applications

Vendor: Pivotal

Description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to insufficient validation of user-supplied input in Web Observations. A remote attacker can send specially crafted HTTP requests to the application and perform a denial of service (DoS) attack.

Mitigation
Install updates from vendor's website.

Vulnerable software versions

Pivotal Spring Framework: 6.0.0 - 6.0.13

External links
http://spring.io/security/cve-2023-34053

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

Latest bulletins with this vulnerability

Multiple vulnerabilities in Oracle Communications BRM - Elastic Charging Engine

Multiple vulnerabilities in Management Cloud Engine

Input validation error in IBM Process Mining

Multiple vulnerabilities in IBM Cloud Pak for AIOps

Input validation error in IBM InfoSphere Information Server

Multiple vulnerabilities in IBM Observability with Instana (OnPrem)

Multiple vulnerabilities in IBM QRadar Suite Software

Multiple vulnerabilities in Oracle Communications Network Analytics Data Director

Multiple DoS vulnerabilities in Spring Boot server Web Observations

Denial of service in Spring Framework