Spring HATEOAS Forwarded Header Bypass in WebFlux (CVE-2023-34036)
CVE-2023-34036 Published on July 17, 2023
Forwarded header exploit with Spring HATEOAS on WebFlux
Reactive web applications that use Spring HATEOAS to produce hypermedia-based responses might be exposed to malicious forwarded headers if they are not behind a trusted proxy that ensures correctness of such headers, or if they don't have anything else in place to handle (and possibly discard) forwarded headers either in WebFlux or at the level of the underlying HTTP server.
For the application to be affected, it needs to satisfy the following requirements:
* It needs to use the reactive web stack (Spring WebFlux) and Spring HATEOAS to create links in hypermedia-based responses.
* The application infrastructure does not guard against clients submitting (X-)Forwarded headers.
Vulnerability Analysis
CVE-2023-34036 is exploitable with network access, and does not require authorization privileges or user interaction. This vulnerability is considered to have a low attack complexity. The potential impact of an exploit of this vulnerability is considered to have no impact on confidentiality, with no impact on integrity, and no impact on availability.
Weakness Type
Improper Neutralization of HTTP Headers for Scripting Syntax
The application does not neutralize or incorrectly neutralizes web scripting syntax in HTTP headers that can be used by web browser components that can process raw headers, such as Flash.
Products Associated with CVE-2023-34036
Want to know whenever a new CVE is published for VMware Spring Hateoas? stack.watch will email you.
Affected Versions
Spring HATEOAS:- Version 1.5.4 or older is affected.
- Version 2.0.4 or older is affected.
- Version 2.1.0 is affected.
Exploit Probability
EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.