CVE-2023-34035

Published: 18/07/2023 Updated: 27/07/2023
CVSS v3 Base Score: 5.3 | Impact Score: 1.4 | Exploitability Score: 3.9
VMScore: 0

Vulnerability Summary

Spring Security versions 5.8 before 5.8.5, 6.0 before 6.0.5, and 6.1 before 6.1.2 could be susceptible to authorization rule misconfiguration if the application uses requestMatchers(String) and multiple servlets, one of them being Spring MVC's DispatcherServlet. (DispatcherServlet is a Spring MVC component that maps HTTP endpoints to methods on @Controller-annotated classes.)

Specifically, an application is vulnerable when all of the following are true:

* Spring MVC is on the classpath
* Spring Security is securing more than one servlet in a single application (one of them being Spring MVC's DispatcherServlet)
* The application uses requestMatchers(String) to refer to endpoints that are not Spring MVC endpoints

An application is not vulnerable if any of the following is true:

* The application does not have Spring MVC on the classpath
* The application secures no servlets other than Spring MVC's DispatcherServlet
* The application uses requestMatchers(String) only for Spring MVC endpoints
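The summary describes a configuration condition rather than a code bug, so the practical question for a defender is what the ambiguous arrangement looks like and how to state authorization rules so that no guess about the matcher type is involved. The following is an added illustration, not code from this page or from the Spring Security project. It assumes (hypothetically) a Spring Boot application on Spring Security 6.x with Spring MVC on the classpath, a second non-MVC servlet registered under the path mapping `/legacy/*`, MVC controllers served by DispatcherServlet under `/api/**`, and invented class and bean names; the commented-out block shows the String-based rules the summary warns about, and the active bean shows the same rules with an explicit matcher per servlet.

```java
// Added illustration, not code from this page or from the Spring Security project.
// Assumptions (hypothetical): Spring Boot with Spring Security 6.x and Spring MVC on the
// classpath; a second, non-MVC servlet registered under the path mapping "/legacy/*";
// MVC controllers dispatched by DispatcherServlet under "/api/**". Names are invented.
package com.example.demo; // hypothetical package

import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.web.SecurityFilterChain;
import org.springframework.security.web.servlet.util.matcher.MvcRequestMatcher;
import org.springframework.web.servlet.handler.HandlerMappingIntrospector;

import static org.springframework.security.web.util.matcher.AntPathRequestMatcher.antMatcher;

@Configuration
@EnableWebSecurity
public class MultiServletSecurityConfig {

    // The arrangement the summary describes: Spring MVC on the classpath, more than one
    // servlet secured, and requestMatchers(String) used for a path that belongs to the
    // non-MVC servlet. With only a String pattern, Spring Security has to decide which kind
    // of matcher was meant, and the rule may not cover the request the author intended.
    //
    //     http.authorizeHttpRequests(auth -> auth
    //             .requestMatchers("/legacy/admin/**").hasRole("ADMIN")   // non-MVC path as String
    //             .requestMatchers("/api/public/**").permitAll()
    //             .anyRequest().authenticated());

    @Bean
    SecurityFilterChain filterChain(HttpSecurity http,
                                    HandlerMappingIntrospector introspector) throws Exception {
        // One explicit matcher type per servlet removes the ambiguity: Ant-style matching
        // for the non-MVC servlet, MvcRequestMatcher for endpoints DispatcherServlet serves.
        MvcRequestMatcher.Builder mvc = new MvcRequestMatcher.Builder(introspector);

        http.authorizeHttpRequests(auth -> auth
                // Non-MVC servlet paths: match on the request URL itself.
                .requestMatchers(antMatcher("/legacy/admin/**")).hasRole("ADMIN")
                .requestMatchers(antMatcher("/legacy/**")).authenticated()
                // Spring MVC endpoints: match the way DispatcherServlet resolves them.
                .requestMatchers(mvc.pattern("/api/public/**")).permitAll()
                .requestMatchers(mvc.pattern("/api/**")).authenticated()
                // Anything not listed above is refused rather than silently allowed.
                .anyRequest().denyAll());
        return http.build();
    }
}
```

Upgrading to the fixed versions named in the summary is the primary remedy; the explicit matchers make the rule set independent of how a bare String would be interpreted and are worth keeping even after the upgrade. If DispatcherServlet is mapped somewhere other than `/`, set `mvc.servletPath(...)` on the builder so the MVC matchers see the same path the servlet does.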

Vulnerable Products

vmware spring security

Github Repositories

Repository for submitting the Wanted Pre-onboarding Backend Internship selection assignment

wanted-pre-onboarding-backend: the Wanted Pre-onboarding Backend Internship selection assignment. Beyond the required API requirements, unit tests were added for the user and post services, and a deployment environment was designed in the cloud (AWS) and the application deployed there. 1 Name: 은지일 2 Implementation approach and rationale: the latest backend

My Cloud Drive

KenkoDrive (My Cloud Drive) is planned as a graduation project, started on 31 May 2023. The project has a clear overall structure, well-defined responsibilities, comprehensive comments, and works out of the box. GitHub repository: githubcom/AkagiYui/KenkoDrive; GitLink (mainland China) repository: gitlinkorgcn/AkagiYui/KenkoDrive; online demo: driveakagiyuicom; API documentation: apifoxcom/apidoc/project-2811497; frontend repository: KenkoDri

CVE-2023-34035: Incorrect Authorization

This repo is a set of samples to demonstrate the arrangements wherein applications may be vulnerable to CVE-2023-34035. An application is vulnerable when all of the following are true: Spring MVC is on the classpath; DispatcherServlet and at least one other servlet are mapped, one of them having a path-based servlet mapping (for example, /path/**); the application uses re