Spring Boot server Web Observations DoS Vulnerability
CVE-2023-34055

6.5MEDIUM

Key Information:

Vendor: Spring
Status: Spring Boot
Vendor: CVE Published:; 28 November 2023

What is CVE-2023-34055?

In Spring Boot versions 2.7.0 - 2.7.17, 3.0.0-3.0.12 and 3.1.0-3.1.5, it is possible for a user to provide specially crafted HTTP requests that may cause a denial-of-service (DoS) condition.

Specifically, an application is vulnerable when all of the following are true:

the application uses Spring MVC or Spring WebFlux
org.springframework.boot:spring-boot-actuator is on the classpath

Affected Version(s)

Spring Boot Windows 2.7.0 < 2.7.18

Spring Boot Windows 3.0.0 < 3.0.13

Spring Boot Windows 3.1.0 < 3.1.6

References

https://spring.io/security/cve-2023-34055

https://security.netapp.com/advisory/ntap-20231221-0010/

CVSS V3.1

Score:

6.5

Severity:

MEDIUM

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Nov 28, 2023
Vulnerability Reserved
May 25, 2023