Spring Framework server Web Observations DoS Vulnerability
CVE-2023-34053

7.5HIGH

Key Information:

Vendor: Spring
Status: Spring Framework
Vendor: CVE Published:; 28 November 2023

What is CVE-2023-34053?

In versions 6.0.0 to 6.0.13 of the Spring Framework, a vulnerability exists that can allow attackers to craft specific HTTP requests, resulting in a denial-of-service (DoS) condition. This issue is present when an application utilizes Spring MVC or Spring WebFlux, includes the io.micrometer:micrometer-core in the classpath, and has an ObservationRegistry configured to record observations. Typically, applications built with Spring Boot require the org.springframework.boot:spring-boot-actuator dependency to satisfy these conditions, thus increasing the risk of service disruption.

Affected Version(s)

Spring Framework Windows 6.0.0 < 6.0.14

References

https://spring.io/security/cve-2023-34053

https://security.netapp.com/advisory/ntap-20231214-0007/

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Nov 28, 2023
Vulnerability Reserved
May 25, 2023