CVE-2019-3799

Published: 06/05/2019 Updated: 13/06/2022
CVSS v2 Base Score: 4.3 | Impact Score: 2.9 | Exploitability Score: 8.6
CVSS v3 Base Score: 6.5 | Impact Score: 3.6 | Exploitability Score: 2.8
VMScore: 436
Vector: AV:N/AC:M/Au:N/C:P/I:N/A:N

Vulnerability Summary

Spring Cloud Config, versions 2.1.x before 2.1.2, versions 2.0.x before 2.0.4, and versions 1.4.x before 1.4.6, and older unsupported versions allow applications to serve arbitrary configuration files through the spring-cloud-config-server module. A malicious user, or attacker, can send a request using a specially crafted URL that can lead to a directory traversal attack.

Vulnerable Products

vmware spring cloud config

oracle communications cloud native core policy 1.15.0

Vendor Advisories

Impact: Moderate
Public Date: 2019-04-16
CWE: CWE-22
Bugzilla: 1709202: CVE-2019-3799 spring-cloud-conf ...

Exploits

##
# This module requires Metasploit: https://metasploit.com/download
# Current source: https://github.com/rapid7/metasploit-framework
##
class MetasploitModule < Msf::Auxiliary
  include Msf::Auxiliary::Report
  include Msf::Auxiliary::Scanner
  include Msf::Exploit::Remote::HttpClient

  def initialize(info = {})
    super(update_info(info, ...

Github Repositories

A collection of vulnerable applications for research purposes

Vuln Chest: A collection of vulnerable applications for research purposes.
CVEs:
CVE-2018-15473: OpenSSH User Enumeration
CVE-2019-3799: Spring Cloud Config Server - Directory Traversal Vulnerability
CVE-2019-5420: Ruby On Rails - DoubleTap Development Mode secret_key_base Remote Code Execution

CVE-2019-3799 - Spring Cloud Config Server: Directory Traversal < 2.1.2, 2.0.4, 1.4.6

CVE-2019-3799 - Spring-Cloud-Config-Server Directory Traversal < 2.1.2, 2.0.4, 1.4.6. Spring Cloud Config Server is vulnerable to a directory traversal / path traversal / file content disclosure < 2.1.2, 2.0.4, 1.4.6. Spring Cloud Config, versions 2.1.x prior to 2.1.2, versions 2.0.x prior to 2.0.4, and versions 1.4.x prior to 1.4.6, and older unsupported versions