Denial-of-Service Vulnerability in Spring Boot by VMware
CVE-2023-20883

7.5HIGH

Key Information:

Vendor: Vmware
Status: Spring Boot
Vendor: CVE Published:; 26 May 2023

Summary

A vulnerability exists in various versions of Spring Boot where the combination of Spring MVC and a reverse proxy cache may lead to a denial-of-service (DoS) attack. This can allow attackers to exploit the affected application, causing potential service disruptions and unavailability. Users are encouraged to review their versions and apply security updates as necessary to mitigate this risk.

Affected Version(s)

Spring Boot Spring Boot versions 3.0.0 - 3.0.6, 2.7.0 - 2.7.11, 2.6.0 - 2.6.14, 2.5.0 - 2.5.14 and older unsupported versions

References

https://spring.io/security/cve-2023-20883

https://security.netapp.com/advisory/ntap-20230703-0008/

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
May 26, 2023
Vulnerability Reserved
Nov 1, 2022