CVE-2023-20883Uncontrolled Resource Consumption in Vmware Spring Boot

CWE-400Uncontrolled Resource Consumption7 documents6 sources
Severity
7.5HIGHNVD
EPSS
0.7%
top 28.18%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Vmware Spring Boot
Timeline
PublishedMay 26
Latest updateJan 15

Description

In Spring Boot versions 3.0.0 - 3.0.6, 2.7.0 - 2.7.11, 2.6.0 - 2.6.14, 2.5.0 - 2.5.14 and older unsupported versions, there is potential for a denial-of-service (DoS) attack if Spring MVC is used together with a reverse proxy cache.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:HExploitability: 3.9 | Impact: 3.6

Affected Packages2 packages

NVDvmware/spring_boot2.6.02.6.14+3
CVEListV5vmware/spring_bootSpring Boot versions 3.0.0 - 3.0.6, 2.7.0 - 2.7.11, 2.6.0 - 2.6.14, 2.5.0 - 2.5.14 and older unsupported versions

🔴Vulnerability Details

3
GHSA
Spring Boot Welcome Page Denial of Service2023-05-26
OSV
Spring Boot Welcome Page Denial of Service2023-05-26
CVEList
CVE-2023-20883: In Spring Boot versions 32023-05-26

📋Vendor Advisories

3
Oracle
Oracle Oracle Communications Applications Risk Matrix: PSR Designer (Spring Boot) — CVE-2023-208832024-01-15
Oracle
Oracle Oracle Communications Risk Matrix: Install/Upgrade (Spring Boot) — CVE-2023-208832023-10-15
Red Hat
spring-boot: Spring Boot Welcome Page DoS Vulnerability2023-05-18
CVE-2023-20883 — Uncontrolled Resource Consumption | cvebase