CVE-2024-38809
MEDIUMSpring Framework 5.3.0-5.3.37, 6.0.0-6.0.22, 6.1.0-6.1.11 - Denial of Service via ETag Header Parsing
Title source: llmDescription
Applications that parse ETags from "If-Match" or "If-None-Match" request headers are vulnerable to DoS attack. Users of affected versions should upgrade to the corresponding fixed version. Users of older, unsupported versions could enforce a size limit on "If-Match" and "If-None-Match" headers, e.g. through a Filter.
References (2)
Core 2
Core References
Vendor Advisory
https://spring.io/security/cve-2024-38809
Vendor Advisory
https://security.netapp.com/advisory/ntap-20240920-0003/
Scores
CVSS v3
5.3
EPSS
0.0086
EPSS Percentile
53.6%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
yes
Technical Impact
partial
Details
CWE
CWE-400
Status
published
Products (2)
N/A/Spring Framework
6.1.0 - 6.1.11, 6.0.0 - 6.0.22, 5.3.0 - 5.3.37
org.springframework/spring-web
0 - 5.3.38Maven
Published
Sep 27, 2024
Tracked Since
Feb 18, 2026