Severity
Medium
Analysis Summary
CVE-2023-34053 CVSS:5.3
VMware Tanzu Spring Framework is vulnerable to a denial of service, caused by a flaw when the application uses Spring MVC or Spring WebFlux, io.micrometer:micrometer-core is on the classpath, or an ObservationRegistry is configured. By sending specially crafted HTTP requests, a remote attacker could exploit this vulnerability to cause a denial of service condition.
CVE-2023-34054 CVSS:5.3
VMware Tanzu Reactor Netty is vulnerable to a denial of service, caused by a flaw when built-in integration with Micrometer is enabled. By sending specially crafted HTTP requests, a remote attacker could exploit this vulnerability to cause a denial of service condition.
CVE-2023-34055 CVSS:5.3
VMware Tanzu Spring Boot is vulnerable to a denial of service, caused by a flaw when application uses Spring MVC or Spring WebFlux or org.springframework.boot:spring-boot-actuator is on the classpath. By sending specially crafted HTTP requests, a remote attacker could exploit this vulnerability to cause a denial of service condition.
Impact
- Denial of Service
Indicators Of Compromise
CVE
- CVE-2023-34053
- CVE-2023-34054
- CVE-2023-34055
Affected Vendors
VMware
Affected Products
- VMware Tanzu Spring Framework 6.0.0
- VMware Tanzu Spring Boot 2.7.0
- VMware Tanzu Spring Boot 3.0.0
- VMware Tanzu Spring Framework 6.0.13
- VMware Tanzu Reactor Netty 1.0.0
- VMware Tanzu Reactor Netty 1.0.38
- VMware Tanzu Reactor Netty 1.1.0
- VMware Tanzu Reactor Netty 1.1.12
- VMware Tanzu Spring Boot 2.7.17
- VMware Tanzu Spring Boot 3.0.12
- VMware Tanzu Spring Boot 3.1.0
- VMware Tanzu Spring Boot 3.1.5
Remediation
Refer to VMware Tanzu Web site for patch, upgrade or workaround information.