OneClick Spring Boot Vulnerability CVE-2023-34055

OneClick Spring Boot Vulnerability CVE-2023-34055


Article ID: 278379


Updated On: 04-19-2024

Products

Network Observability Spectrum

Issue/Introduction

In Spring Boot versions 2.7.0 - 2.7.17, 3.0.0 - 3.0.12, and 3.1.0 - 3.1.5, a user can provide specially crafted HTTP requests that may cause a denial-of-service (DoS) condition.

Specifically, an application is vulnerable when all of the following are true:

  • the application uses Spring MVC or Spring WebFlux

Resolution


Spring Boot Vulnerability CVE-2023-34055
https://spring.io/security/cve-2023-34055/


This will be addressed in Spectrum 23.3.7 (~March time frame), which will ship with a newer Spring Boot version.


Mitigation Steps - per Spring's advice to 'disable web metrics'

On the OneClick Server:

  cd $SPECROOT/tomcat/conf/
  Edit application-spring.properties and add the line:
    management.metrics.enable.http.server.requests=false

  Restart OneClick Tomcat
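The steps above can be scripted so the property is set exactly once and verified before Tomcat is restarted. The script below is an added example, not part of this article or of Spectrum; it assumes SPECROOT is set in the environment and that the properties file uses plain `key=value` lines. The restart command itself is not given by the article, so the script only reminds you to perform it.

```shell
#!/bin/sh
# Added example (not Broadcom/Spectrum code): idempotently disable Spring Boot
# web metrics in application-spring.properties as the CVE-2023-34055
# mitigation, then verify the file before the Tomcat restart.
set -eu

KEY="management.metrics.enable.http.server.requests"
VALUE="false"

# set_property FILE: append KEY=VALUE if the key is absent; if the key is
# already present with any value, rewrite that line in place.
set_property() {
    file="$1"
    [ -f "$file" ] || touch "$file"
    if grep -q "^${KEY}=" "$file"; then
        # Portable rewrite without sed -i (GNU and BSD sed differ there).
        tmp="${file}.tmp.$$"
        sed "s|^${KEY}=.*|${KEY}=${VALUE}|" "$file" > "$tmp" && mv "$tmp" "$file"
    else
        printf '%s=%s\n' "$KEY" "$VALUE" >> "$file"
    fi
}

# check_property FILE: succeed only if exactly one line sets KEY to VALUE,
# so a duplicate or conflicting entry is caught before the restart.
check_property() {
    file="$1"
    count=$(grep -c "^${KEY}=${VALUE}\$" "$file" 2>/dev/null || true)
    [ "${count:-0}" -eq 1 ]
}

# Run with --apply on the OneClick server; SPECROOT must be exported.
if [ "${1:-}" = "--apply" ]; then
    props="${SPECROOT:?SPECROOT must be set}/tomcat/conf/application-spring.properties"
    set_property "$props"
    check_property "$props" && echo "OK: ${KEY}=${VALUE} set in ${props}"
    echo "Now restart OneClick Tomcat for the change to take effect."
fi
```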