openvas
Copyright (C) 2024 Greenbone AG
OPENVAS:1361412562310114751
History: Aug 15, 2024 - 12:00 a.m.

VMware Spring Framework < 5.3.39 Spring Expression DoS Vulnerability - Windows

2024-08-15 00:00:00
Copyright (C) 2024 Greenbone AG
plugins.openvas.org
Tags: vmware spring framework, denial of service, windows, cve-2024-38808, spring expression language, spel, dos vulnerability, user-supplied, evaluation, specially crafted expression

CVSS3: 4.3
Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: REQUIRED
Scope: UNCHANGED
Confidentiality Impact: NONE
Integrity Impact: NONE
Availability Impact: LOW
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L

AI Score: 7.2
Confidence: Low

EPSS: 0
Percentile: 9.5%

The VMware Spring Framework is prone to a denial of service
(DoS) vulnerability.

# SPDX-FileCopyrightText: 2024 Greenbone AG
# Some text descriptions might be excerpted from (a) referenced
# source(s), and are Copyright (C) by the respective right holder(s).
#
# SPDX-License-Identifier: GPL-2.0-only

CPE = "cpe:/a:vmware:spring_framework";

if(description)
{
  script_oid("1.3.6.1.4.1.25623.1.0.114751");
  script_version("2024-08-16T05:05:44+0000");
  script_tag(name:"last_modification", value:"2024-08-16 05:05:44 +0000 (Fri, 16 Aug 2024)");
  script_tag(name:"creation_date", value:"2024-08-15 10:03:00 +0000 (Thu, 15 Aug 2024)");
  script_tag(name:"cvss_base", value:"5.0");
  script_tag(name:"cvss_base_vector", value:"AV:N/AC:L/Au:N/C:N/I:N/A:P");

  script_cve_id("CVE-2024-38808");

  script_tag(name:"qod_type", value:"executable_version");

  script_tag(name:"solution_type", value:"VendorFix");

  script_name("VMware Spring Framework < 5.3.39 Spring Expression DoS Vulnerability - Windows");

  script_category(ACT_GATHER_INFO);

  script_copyright("Copyright (C) 2024 Greenbone AG");
  script_family("Denial of Service");
  script_dependencies("gb_vmware_spring_framework_consolidation.nasl", "os_detection.nasl");
  script_mandatory_keys("vmware/spring/framework/detected", "Host/runs_windows");

  script_tag(name:"summary", value:"The VMware Spring Framework is prone to a denial of service
  (DoS) vulnerability.");

  script_tag(name:"vuldetect", value:"Checks if a vulnerable version is present on the target host.");

  script_tag(name:"insight", value:"It is possible for a user to provide a specially crafted Spring
  Expression Language (SpEL) expression that may cause a DoS condition.");

  script_tag(name:"affected", value:"VMware Spring Framework versions prior to 5.3.39.

  Specifically, an application is vulnerable when the following is true:

  - The application evaluates user-supplied SpEL expressions.");

  script_tag(name:"solution", value:"Update to version 5.3.39 or later.

  Vendor note:

  Evaluation of user-supplied SpEL expressions should be avoided when possible. Otherwise,
  user-supplied SpEL expressions should be evaluated with a SimpleEvaluationContext in read-only
  mode. No other steps are necessary.");

  script_xref(name:"URL", value:"https://spring.io/security/cve-2024-38808");
  script_xref(name:"URL", value:"https://spring.io/blog/2024/08/14/spring-framework-releases-fixes-for-cve-2024-38808-and-cve-2024-38809");

  exit(0);
}

include("host_details.inc");
include("version_func.inc");

if (isnull(port = get_app_port(cpe: CPE)))
  exit(0);

if (!infos = get_app_version_and_location(cpe: CPE, port: port, exit_no_version: TRUE))
  exit(0);

version = infos["version"];
location = infos["location"];

if (version_is_less(version: version, test_version: "5.3.39")) {
  report = report_fixed_ver(installed_version: version, fixed_version: "5.3.39", install_path: location);
  security_message(port: port, data: report);
  exit(0);
}

exit(99);
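
The vendor note in the solution tag recommends evaluating user-supplied SpEL with a SimpleEvaluationContext in read-only mode. The following is an added example, not part of the Greenbone plugin or Spring's own code, showing that configuration; the class names ReadOnlySpelDemo and Order and the sample expressions are constructed for illustration, and spring-expression is assumed to be on the classpath.

```java
import org.springframework.expression.EvaluationContext;
import org.springframework.expression.EvaluationException;
import org.springframework.expression.ExpressionParser;
import org.springframework.expression.ParseException;
import org.springframework.expression.spel.standard.SpelExpressionParser;
import org.springframework.expression.spel.support.SimpleEvaluationContext;

public class ReadOnlySpelDemo {

    // Constructed sample root object (hypothetical); expressions see its properties.
    public static class Order {
        private String status = "OPEN";
        public String getStatus() { return status; }
        public void setStatus(String status) { this.status = status; }
    }

    private static final ExpressionParser PARSER = new SpelExpressionParser();

    // Read-only data binding: property reads are allowed; type references,
    // constructors, bean references and property writes are not supported.
    private static final EvaluationContext READ_ONLY =
            SimpleEvaluationContext.forReadOnlyDataBinding().build();

    /** Evaluates an untrusted expression against root; returns a marker string if it is rejected. */
    static Object evaluateUntrusted(String expression, Object root) {
        try {
            return PARSER.parseExpression(expression).getValue(READ_ONLY, root);
        } catch (ParseException | EvaluationException e) {
            // Parse errors and operations the restricted context does not allow end up here.
            return "REJECTED: " + e.getClass().getSimpleName();
        }
    }

    public static void main(String[] args) {
        Order order = new Order();
        String[] samples = {                       // constructed inputs
            "status",                              // property read
            "status == 'OPEN'",                    // comparison on a property
            "status = 'PAID'",                     // property write
            "T(java.lang.System).getProperty('user.name')", // type reference
            "new java.io.File('x')"                // constructor call
        };
        for (String s : samples) {
            System.out.println(s + " -> " + evaluateUntrusted(s, order));
        }
    }
}
```

This configuration complements the update to 5.3.39 or later named in the solution tag; it does not replace it.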
