5.3

CVE-2024-38809

Applications that parse ETags from "If-Match" or "If-None-Match" request headers are vulnerable to DoS attack.

Users of affected versions should upgrade to the corresponding fixed version.

Users of older, unsupported versions could enforce a size limit on "If-Match" and "If-None-Match" headers, e.g. through a Filter.
Daten sind bereitgestellt durch das CVE Programm von Authorized Data Publishers (ADP) (Unstrukturiert)
Herstellervmware
Produkt spring_framework
Default Statusunknown
Version <= 6.1.11
Version 6.1.0
Status affected
Version <= 6.0.22
Version 6.0.0
Status affected
Version <= 5.3.37
Version 5.3.0
Status affected
VulnDex Vulnerability Enrichment
Diese Information steht angemeldeten Benutzern zur Verfügung. Login Login
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.85% 0.538
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
security@vmware.com 5.3 3.9 1.4
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
CWE-400 Uncontrolled Resource Consumption

The product does not properly control the allocation and maintenance of a limited resource.

https://spring.io/security/cve-2024-38809
https://security.netapp.com/advisory/ntap-20240920-0003/