CVE-2019-3799
MEDIUM · NUCLEI
VMware Spring Cloud Config < 1.4.6 - Path Traversal
Title source: ruleDescription
Spring Cloud Config, versions 2.1.x prior to 2.1.2, versions 2.0.x prior to 2.0.4, and versions 1.4.x prior to 1.4.6, and older unsupported versions allow applications to serve arbitrary configuration files through the spring-cloud-config-server module. A malicious user, or attacker, can send a request using a specially crafted URL that can lead to a directory traversal attack.
Exploits (4)
metasploit
WORKING POC
by Vern, Dhiraj Mishra · ruby · poc
https://github.com/rapid7/metasploit-framework/blob/master/modules/auxiliary/scanner/http/springcloud_traversal.rb
Nuclei Templates (1)
Spring Cloud Config Server - Local File Inclusion
MEDIUM · by madrobot
Scores
CVSS v3
6.5
EPSS
0.8966
EPSS Percentile
99.6%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
Details
CWE
CWE-22
Status
published
Products (3)
oracle/communications_cloud_native_core_policy
1.15.0
org.springframework.cloud/spring-cloud-config-server
0 - 1.4.6 · Maven
vmware/spring_cloud_config
1.4.0 - 1.4.6
Published
May 06, 2019
Tracked Since
Feb 18, 2026