PT-2022-6999 · Unknown+1 · Spring Framework+1
Published 2022-05-12 · Updated 2022-11-28
CVE-2022-22971
CVSS v2.0: 6.8 (Medium) | AV:N/AC:L/Au:S/C:N/I:N/A:C |
Name of the Vulnerable Software and Affected Versions
Spring Framework versions prior to 5.3.20
Spring Framework versions prior to 5.2.22
Spring Framework old unsupported versions
Description
An application that exposes a STOMP over WebSocket endpoint is vulnerable to denial of service by an authenticated user. The endpoint allocates resources without an upper bound, so an authenticated attacker can exhaust them and make the application unavailable.
Recommendations
For Spring Framework versions prior to 5.3.20, update to version 5.3.20 or later.
For Spring Framework versions prior to 5.2.22, update to version 5.2.22 or later.
For Spring Framework old unsupported versions, consider upgrading to a supported version to mitigate the risk of exploitation.
As a temporary workaround, consider restricting access to the STOMP over WebSocket endpoint until the fixed version can be deployed.
Fix
DoS
Allocation of Resources Without Limits
Improper Resource Release
Related Identifiers
Affected Products
Debian
Spring Framework