Multiple Apache Products Vulnerabilities
August 22, 2024
Severity
Medium
Analysis Summary
CVE-2024-38809 CVSS:5.3
VMware Tanzu Spring Framework is vulnerable to a denial of service, caused by improper input validation. By sending a specially crafted HTTP request containing ETags from "If-Match" or "If-None-Match" request headers, a remote attacker could exploit this vulnerability to cause a denial of service condition.
CVE-2024-38808 CVSS:7.5
VMware Tanzu Spring Framework is vulnerable to a denial of service, caused by improper input validation. By sending a specially crafted Spring Expression Language (SpEL) expression, a remote attacker could exploit this vulnerability to cause a denial of service condition.
Impact
- Denial of Service
Indicators of Compromise
CVE
- CVE-2024-38809
- CVE-2024-38808
Affected Vendors
Affected Products
- VMware Tanzu Spring Framework 5.3.0
- VMware Tanzu Spring Framework 6.0.0
- VMware Tanzu Spring Framework 6.1.0
- VMware Tanzu Spring Framework 5.3.37
- VMware Tanzu Spring Framework 6.0.22
- VMware Tanzu Spring Framework 6.1.11
- VMware Tanzu Spring Framework 5.3.38
Remediation
Upgrade to the latest version of VMware Tanzu, available from the VMware website.
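
Until the upgrade is deployed, the "If-Match" and "If-None-Match" headers named under CVE-2024-38809 can be bounded before they reach the framework. The servlet filter below is an added example, not code from this advisory or from the Spring project; the class name and both limits are assumptions to adjust for your own clients.

```java
import jakarta.servlet.Filter;
import jakarta.servlet.FilterChain;
import jakarta.servlet.ServletException;
import jakarta.servlet.ServletRequest;
import jakarta.servlet.ServletResponse;
import jakarta.servlet.http.HttpServletRequest;
import jakarta.servlet.http.HttpServletResponse;
import java.io.IOException;
import java.util.Enumeration;

/** Added example: rejects oversized conditional-request headers before ETag handling runs. */
public class ConditionalHeaderLimitFilter implements Filter {

    // Assumed limits, not vendor values: size them to the longest ETag list legitimate clients send.
    static final int MAX_HEADER_CHARS = 512;
    static final int MAX_ETAGS = 16;
    private static final String[] GUARDED = {"If-Match", "If-None-Match"};

    /** True when the combined values of one header stay within both limits. */
    static boolean withinLimits(Enumeration<String> values) {
        int chars = 0;
        int tags = 0;
        while (values != null && values.hasMoreElements()) {
            String v = values.nextElement();
            chars += v.length();
            if (chars > MAX_HEADER_CHARS) return false; // stop before scanning further
            // Every entity-tag is wrapped in two double quotes; count them in one linear pass.
            int quotes = 0;
            for (int i = 0; i < v.length(); i++) if (v.charAt(i) == '"') quotes++;
            tags += (quotes + 1) / 2; // an unbalanced quote still counts as one tag
            if (tags > MAX_ETAGS) return false;
        }
        return true;
    }

    @Override
    public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain)
            throws IOException, ServletException {
        if (req instanceof HttpServletRequest request && res instanceof HttpServletResponse response) {
            for (String name : GUARDED) {
                if (!withinLimits(request.getHeaders(name))) {
                    response.sendError(HttpServletResponse.SC_BAD_REQUEST, name + " header exceeds configured limit");
                    return; // request never reaches the application
                }
            }
        }
        chain.doFilter(req, res);
    }
}
```

Register the filter so it runs before the Spring dispatcher servlet; on Spring Framework 5.3 the imports are `javax.servlet` rather than `jakarta.servlet`, and the `instanceof` patterns need Java 16 or later.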