2025.01.21
About Spring Framework Path Traversal Vulnerability

Alert number: KAIFA-KSIRT-202409-19
Published: 2024/9/19
Updated on: 2024/9/19

1. Vulnerability Overview

The Spring Framework is a Java application framework designed to provide an efficient and extensible development environment.

Recently, it was detected that a path traversal vulnerability (CVE-2024-38816) was fixed in the Spring Framework. Threat actors can construct malicious HTTP requests to read any file that the Spring application process can access on the target file system, resulting in data leakage.

Affected users are advised to inspect their own assets and take preventive measures to avoid attacks.

2. Versions and fixes

Affected product     Patched version    Affected versions
Spring Framework     5.3.40             Spring Framework 5.3.0 - 5.3.39
Spring Framework     6.0.24             Spring Framework 6.0.0 - 6.0.23
Spring Framework     6.1.13             Spring Framework 6.1.0 - 6.1.12
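To check an inventory against the version table above, the following added example (not from the advisory or from the Spring project) encodes the three affected ranges and patched releases listed here, and pulls Spring Framework versions out of a constructed sample of Maven `dependency:tree` output.

```python
import re

# Affected ranges and patched versions exactly as listed in this advisory for CVE-2024-38816.
# Each entry: (affected_from, affected_to_inclusive, patched_release)
AFFECTED_RANGES = [
    ((5, 3, 0), (5, 3, 39), "5.3.40"),
    ((6, 0, 0), (6, 0, 23), "6.0.24"),
    ((6, 1, 0), (6, 1, 12), "6.1.13"),
]


def parse_version(version: str) -> tuple:
    """Turn '6.1.12' (optionally with a qualifier such as '-SNAPSHOT') into (6, 1, 12)."""
    m = re.match(r"^(\d+)\.(\d+)\.(\d+)", version.strip())
    if not m:
        raise ValueError(f"unrecognised Spring Framework version: {version!r}")
    return tuple(int(x) for x in m.groups())


def assess(version: str) -> dict:
    """Report whether a version falls in an affected range and which release fixes it.

    Versions outside the listed ranges are reported as not affected, which is all the
    advisory's table supports; it does not speak for other release lines.
    """
    v = parse_version(version)
    for lo, hi, patched in AFFECTED_RANGES:
        if lo <= v <= hi:
            return {"version": version, "affected": True, "upgrade_to": patched}
    return {"version": version, "affected": False, "upgrade_to": None}


# Constructed sample of `mvn dependency:tree` output (not output from any real project).
SAMPLE_TREE = """
[INFO] com.example:demo:jar:1.0
[INFO] +- org.springframework:spring-webmvc:jar:6.1.12:compile
[INFO] |  +- org.springframework:spring-core:jar:6.1.12:compile
[INFO] \\- org.springframework:spring-webflux:jar:6.1.12:compile
"""


def spring_versions_in_tree(tree_text: str) -> set:
    """Collect every org.springframework artifact version present in dependency:tree output."""
    return set(re.findall(r"org\.springframework:spring-[\w-]+:jar:([^:\s]+)", tree_text))


if __name__ == "__main__":
    for ver in sorted(spring_versions_in_tree(SAMPLE_TREE)):
        print(assess(ver))
```

Run it against real `mvn dependency:tree` output to list each Spring Framework version in use and the release to move to.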

3. Impact and Consequences

Threat actors can construct malicious HTTP requests to read any file that the Spring application process can access on the target file system, resulting in data leakage.

4. Vulnerability Scoring

The vulnerability is graded using the KAIFA AMI scoring rules.

Final score: 7.5

5. Technical Details

The vulnerability is exploitable only when the web application uses RouterFunctions to serve static resources and serves static files from the file system through FileSystemResource or a similar configuration.

Vulnerability details:

Recently, a path traversal vulnerability (CVE-2024-38816) was detected in the Spring Framework. In the affected versions, applications that use WebMvc.fn or WebFlux.fn (in Spring Web MVC or Spring WebFlux) to serve static resources are susceptible to path traversal. When the application uses RouterFunctions to serve static resources and serves static files from the file system through FileSystemResource or a similar configuration, a threat actor can construct a malicious HTTP request to read any file that the Spring application process can access on the target file system, resulting in data leakage.

6. Workarounds

None.

7. Version acquisition path

Services that support automatic updates will receive a system update prompt, and users can apply the system update to fix the vulnerability. Alternatively, users can manually download the plug-in from the official website to update and fix the vulnerability.

8. Vulnerability Source

Vendor notification

9. Update Records

KAIFA-KSIRT-Initial

10. FAQs

None.

11. KAIFA External Security Response Services

KAIFA has always advocated doing its utmost to protect the ultimate interests of product users, following the principle of responsible disclosure of security incidents and handling product security issues through its product security issue handling mechanism.

12. Statement

This document is provided "as is" without any express, implied or statutory warranty, including (but not limited to) the warranty of merchantability, fitness for purpose and non-infringement. In no event shall KAIFA or its directly or indirectly controlled subsidiaries, or its suppliers, be liable for any loss, including direct, indirect, incidental, consequential loss of business profits or special damages. You shall bear all legal liabilities arising from the use of this document in any way. KAIFA may modify or update the content and information contained in this document at any time.