Description
Spring Framework MVC applications can be vulnerable to a “Path Traversal Vulnerability” when deployed on a non-compliant Servlet container. An application can be vulnerable when all the following are true:
- the application is deployed as a WAR or with an embedded Servlet container
- the Servlet container does not reject [suspicious sequences](https://jakarta.ee/specifications/servlet/6.1/jakarta-servlet-spec-6.1.html#uri-path-canonicalization)
- the application serves [static resources](https://docs.spring.io/spring-framework/reference/web/webmvc/mvc-config/static-resources.html#page-title) with Spring resource handling
We have verified that applications deployed on Apache Tomcat or Eclipse Jetty are not vulnerable, as long as default security features are not disabled in the configuration. Because we cannot check exploits against all Servlet containers and configuration variants, we strongly recommend upgrading your application.
A path traversal flaw was found in the Spring Framework MVC, affecting applications built on this framework. This flaw only affects applications that are deployed as a WAR or with an embedded Servlet container, which do not reject suspicious sequences and serve static resources with Spring resource handling. See the Jakarta servlet documentation in the References section for more information.
Mitigation
Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria, which comprise ease of use and deployment, applicability to a widespread installation base, or stability.
Affected packages
| Platform | Package | Status | Recommendation | Release |
|---|---|---|---|---|
| Red Hat AMQ Broker 7 | spring-webmvc | Fix deferred | ||
| Red Hat build of Apache Camel for Spring Boot 4 | spring-webmvc | Fix deferred | ||
| Red Hat build of Apache Camel - HawtIO 4 | spring-webmvc | Fix deferred | ||
| Red Hat build of OptaPlanner 8 | spring-webmvc | Fix deferred | ||
| Red Hat Data Grid 8 | spring-webmvc | Not affected | ||
| Red Hat Enterprise Linux 8 | log4j:2/log4j | Fix deferred | ||
| Red Hat Enterprise Linux 8 | pki-core:10.6/resteasy | Fix deferred | ||
| Red Hat Enterprise Linux 8 | pki-deps:10.6/resteasy | Fix deferred | ||
| Red Hat Enterprise Linux 9 | log4j | Fix deferred | ||
| Red Hat Enterprise Linux 9 | resteasy | Fix deferred | ||
Source references
Additional information
CVSS3: 5.9 Medium
Related vulnerabilities
Spring Framework MVC Applications Path Traversal Vulnerability
Vulnerability in the servlet containers of the Spring Framework software platform that allows an attacker to gain unauthorized access to protected information
CVSS3: 5.9 Medium