目标达成 感谢每一位支持者 — 我们达成了 100% 目标!

目标: 1000 元 · 已筹: 1000

100.0%
请我们喝杯咖啡
获取后续新漏洞提醒登录后订阅
一、 漏洞 CVE-2024-38816 基础信息
漏洞信息
对漏洞内容有疑问?看看神龙的深度分析是否有帮助!
查看神龙十问 ↗

尽管我们使用了先进的大模型技术,但其输出仍可能包含不准确或过时的信息。神龙努力确保数据的准确性,但请您根据实际情况进行核实和判断。

Vulnerability Title
CVE-2024-38816: Path traversal vulnerability in functional web frameworks
来源: 美国国家漏洞数据库 NVD
Vulnerability Description
Applications serving static resources through the functional web frameworks WebMvc.fn or WebFlux.fn are vulnerable to path traversal attacks. An attacker can craft malicious HTTP requests and obtain any file on the file system that is also accessible to the process in which the Spring application is running. Specifically, an application is vulnerable when both of the following are true: * the web application uses RouterFunctions to serve static resources * resource handling is explicitly configured with a FileSystemResource location However, malicious requests are blocked and rejected when any of the following is true: * the Spring Security HTTP Firewall https://docs.spring.io/spring-security/reference/servlet/exploits/firewall.html  is in use * the application runs on Tomcat or Jetty
来源: 美国国家漏洞数据库 NVD
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
来源: 美国国家漏洞数据库 NVD
Vulnerability Type
N/A
来源: 美国国家漏洞数据库 NVD
Vulnerability Title
VMware Spring Framework 安全漏洞
来源: 中国国家信息安全漏洞库 CNNVD
Vulnerability Description
VMware Spring Framework是美国威睿(VMware)公司的一套开源的Java、JavaEE应用程序框架。该框架可帮助开发人员构建高质量的应用。 VMware Spring Framework存在安全漏洞,该漏洞源于存在目录遍历漏洞,允许攻击者通过精心构造的HTTP请求访问或操作服务器上本不应该被访问的文件。受影响版本如下:5.3.0至5.3.39版本、6.0.0至6.0.23版本和6.1.0至6.1.12版本。
来源: 中国国家信息安全漏洞库 CNNVD
CVSS Information
N/A
来源: 中国国家信息安全漏洞库 CNNVD
Vulnerability Type
N/A
来源: 中国国家信息安全漏洞库 CNNVD
受影响产品
厂商产品影响版本CPE订阅
SpringSpring 5.3.x ~ 5.3.40 -
二、漏洞 CVE-2024-38816 的公开POC
#POC 描述源链接神龙链接
1Nonehttps://github.com/weliveby/cve-2024-38816-demoPOC详情
2CVE-2024-38816 Proof of Concepthttps://github.com/masa42/CVE-2024-38816-PoCPOC详情
3CVE-2024-38816 Proof of Concepthttps://github.com/WULINPIN/CVE-2024-38816-PoCPOC详情
4Nonehttps://github.com/startsw1th/cve-2024-38816-demoPOC详情
5Nonehttps://github.com/Galaxy-system/cve-2024-38816POC详情
6 CVE-2024-38816https://github.com/Anthony1078/App-vulnerablePOC详情
7Fixed cve-2024-38816 based on version 5.3.39https://github.com/wdragondragon/spring-frameworkPOC详情
8Applications serving static resources through the functional web frameworks WebMvc.fn or WebFlux.fn are vulnerable to path traversal attacks. An attacker can craft malicious HTTP requests and obtain any file on the file system that is also accessible to the process in which the Spring application is running. https://github.com/projectdiscovery/nuclei-templates/blob/main/http/cves/2024/CVE-2024-38816.yamlPOC详情
9Fork spring-webmvc 5.3.39 to fix CVE-2024-38816, CVE-2024-38819https://github.com/jaloon/spring-webmvc5POC详情
AI 生成 POC高级

未找到公开 POC。

登录以生成 AI POC
三、漏洞 CVE-2024-38816 的情报信息
Please 登录 to view more intelligence information
IV. Related Vulnerabilities
Same product: Spring
Same vendor: Spring
V. Comments for CVE-2024-38816

暂无评论

发表评论