
CVE-2024-38816

Severity: Medium
SVRS: 36/100
CVSSv3: 7.5/10
EPSS: 0.92403/1

CVE-2024-38816 allows for path traversal attacks in Spring applications using WebMvc.fn or WebFlux.fn to serve static resources. An attacker could potentially access sensitive files on the server. This vulnerability arises when RouterFunctions are used to serve static content with explicit FileSystemResource configuration. Despite a CVSS score of 7.5, the SOCRadar Vulnerability Risk Score (SVRS) is 36, indicating a moderate risk level that doesn't require immediate action but is still important to address. This is further emphasized by the presence of "In The Wild" and "Exploit Available" tags. Applications are only vulnerable when not using Spring Security HTTP Firewall or running on Tomcat or Jetty. It's significant because successful exploitation could lead to data breaches and system compromise.

Tags: In The Wild, Exploit Available
CVSS vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
2025-03-18

2024-09-13
SOCRadar AI Insight

Description:

CVE-2024-38816 is a path traversal vulnerability in Spring Framework, a popular Java web framework. It allows attackers to access files on the server's file system, potentially leading to sensitive data exposure or remote code execution. The SVRS of 38 indicates a moderate risk, requiring attention and timely mitigation.

Key Insights:

  • Exploitable in Specific Configurations: The vulnerability is only exploitable when the application uses RouterFunctions to serve static resources and explicitly configures resource handling with a FileSystemResource location.
  • File System Access: Attackers can access any file on the file system that is accessible to the Spring application process, including sensitive data such as passwords or configuration files.
  • Active Exploits: Public exploits have been published, and the vulnerability is reported as being actively exploited by attackers.

Mitigation Strategies:

  • Update Spring Framework: Upgrade to Spring Framework version 6.0.5 or later, which includes a fix for this vulnerability.
  • Use Spring Security HTTP Firewall: Enable the Spring Security HTTP Firewall to block malicious requests.
  • Run on Tomcat or Jetty: Deploy the application on Tomcat or Jetty, which provide built-in protection against path traversal attacks.
  • Restrict File Access: Limit the application's access to only the necessary files and directories on the file system.

Additional Information:

  • The Cybersecurity and Infrastructure Security Agency (CISA) has warned of the vulnerability, calling for immediate and necessary measures.
  • The vulnerability is actively exploited by hackers in the wild.
  • If users have additional queries regarding this incident, they can use the 'Ask to Analyst' feature, contact SOCRadar directly, or open a support ticket for more information if necessary.

Indicators of Compromise

No IOCs found for this CVE

Exploits

Title | Software Link | Date
masa42/CVE-2024-38816-PoC | https://github.com/masa42/CVE-2024-38816-PoC | 2024-09-25
WULINPIN/CVE-2024-38816-PoC | https://github.com/WULINPIN/CVE-2024-38816-PoC | 2024-09-28

News

Cyble reports surge in cyberattacks targeting critical infrastructure and open-source vulnerabilities - IndustrialCyber (2024-10-29)

A recent Cyble sensor intelligence report highlighted numerous active attack campaigns targeting known vulnerabilities across critical infrastructure environments. Notably, there have been new attacks on the SPIP open-source CMS, while ongoing exploits persist against IoT devices. Previously reported campaigns continue to exploit vulnerabilities in PHP, Linux systems, and Java and Python frameworks. Older vulnerabilities in IoT devices and embedded systems continue to be exploited at alarming rates. New to the report are exploits of vulnerabilities that may still be present in some Siemens products
Vulnerability Intelligence: Cyberattacks on Spring & IoT Devices - The Cyber Express (2024-10-23)

Cyble vulnerability intelligence unit has shared a report, detailing the recent cyberattacks on the Spring Java framework and hundreds of thousands of Internet of Things (IoT) devices. The report sheds light on over 30 active attack campaigns targeting well-known vulnerabilities. Among these, a focus has emerged on CVE-2024-38816, a critical vulnerability affecting the Spring Java framework. Furthermore, the report highlights that more than 400,000 attacks exploit a vulnerability linked to IoT devices. Cyble Vulnerability Intelligence Unit Highlights Key Flaws in Multiple Systems CVE-2024

Social Media

4️⃣ Spring Framework: High severity vulnerability impacts versions 5.3.0 to 6.1.13. Path traversal attacks can expose sensitive files. Monitor updates closely as no fix exists yet. (Reference: CVE-2024-38816)
4️⃣ #SpringFramework: High severity vulnerability impacts versions 5.3.0 to 6.1.13. Path traversal attacks can expose sensitive files. Monitor updates closely as no fix exists yet. (Reference: CVE-2024-38816)
#Vulnerability #CVE202438816 CVE-2024-38816: Spring Framework Path Traversal Vulnerability Threatens Millions https://t.co/3jJPweFx9s
GitHub - masa42/CVE-2024-38816-PoC: CVE-2024-38816 Proof of Concept - https://t.co/SCk1MRRqa2
Actively exploited CVE : CVE-2024-38816
CVE-2024-38816: Spring Framework Path Traversal Vulnerability Threatens Millions https://t.co/dNvH7VHChB
CVE-2024-38816 Applications serving static resources through the functional web frameworks WebMvc.fn or WebFlux.fn are vulnerable to path traversal attacks. An attacker can craft ma… https://t.co/f7ylBS2V68

Affected Software

No affected software found for this CVE

References

Reference | Link
[email protected] | https://spring.io/security/cve-2024-38816
AF854A3A-2127-422B-91AE-364DA2661108 | https://security.netapp.com/advisory/ntap-20241227-0001/

CWE Details

No CWE details found for this CVE
