CVE-2024-38809

Summary

Applications that parse ETags from "If-Match" or "If-None-Match" request headers are vulnerable to DoS attack.

Users of affected versions should upgrade to the corresponding fixed version.

Users of older, unsupported versions could enforce a size limit on "If-Match" and "If-None-Match" headers, e.g. through a Filter.

Affected Software

VendorProductVersion RangeStatus
N/ASpring Framework6.1.0 - 6.1.11, 6.0.0 - 6.0.22, 5.3.0 - 5.3.37affected

Weaknesses

  • Spring Framework DoS via conditional HTTP request

ADP Enrichment

CVE Program Container

Additional References

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: yes
    • Technical Impact: partial

References