CVE-2024-38809

Applications that parse ETags from "If-Match" or "If-None-Match" request headers are vulnerable to DoS attack. Users of affected versions should upgrade to the corresponding fixed version. Users of older, unsupported versions could enforce a size limit on "If-Match" and "If-None-Match" headers, e.g. through a Filter.

CVSS v3 5.3 MEDIUM

5.3^/10

CVSS v3 : MEDIUM

V3 Legend

Vector :

Exploitability : 3.9 / Impact : 1.4

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact LOW

Scope UNCHANGED

References

Link	Resource
https://spring.io/security/cve-2024-38809

Configurations

No configuration.

History

30 Sep 2024, 12:45

Type	Values Removed	Values Added
Summary		(es) Las aplicaciones que analizan ETags de los encabezados de solicitud "If-Match" o "If-None-Match" son vulnerables a ataques DoS. Los usuarios de las versiones afectadas deben actualizar a la versión corregida correspondiente. Los usuarios de versiones anteriores no compatibles podrían imponer un límite de tamaño en los encabezados "If-Match" y "If-None-Match", por ejemplo, a través de un filtro.

27 Sep 2024, 20:35

Type	Values Removed	Values Added
CWE		CWE-400

27 Sep 2024, 17:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2024-09-27 17:15

Updated : 2024-09-30 12:45

NVD link : CVE-2024-38809

Mitre link : CVE-2024-38809

CVE.ORG link : CVE-2024-38809

JSON object : View

Products Affected

No product.

CWE

CWE-400

Uncontrolled Resource Consumption

5.3 /10