Detections
Analytics

Spring Boot < 1.2.8 / 1.3.0 Whitelabel Error Page Remote Code Execution

critical Web App Scanning Plugin ID 112380

Language:

Synopsis

Spring Boot < 1.2.8 / 1.3.0 Whitelabel Error Page Remote Code Execution

Description

Pivotal Spring Boot is a Java framework designed to help developers create minimal Spring based applications. Spring applications provide the Spring Expression Language (SpEL) which is a powerful expression language for querying and manipulating an object graph at runtime.

Spring Boot versions below 1.2.8 and version 1.3.0 improperly handle exceptions when rendering whitelabel error pages, evaluating user-controlled inputs as SpEL expressions.

An attacker could leverage this vulnerability to craft and inject a specific SpEL expression in order to achieve a remote code execution on the target application.

Solution

Upgrade at least to version 1.3.1 for version 1.3.0 and to version 1.2.8 for versions below. An immediate and temporary fix is to disable the whitelabel error page in the application.properties file.

See Also

http://deadpool.sh/2017/RCE-Springs/

https://github.com/spring-projects/spring-boot/issues/4763

https://spring.io/blog/2015/12/18/spring-boot-1-3-1-and-1-2-8-available-now

Plugin Details

Severity: Critical

ID: 112380

Type: remote

Published: 4/28/2020

Updated: 9/7/2021

Scan Template: api, basic, full, pci, scan

Risk Information

VPR

Risk Factor: High

Score: 7.4

CVSS v2

Risk Factor: High

Base Score: 7.5

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P

CVSS Score Source: Tenable

CVSS v3

Risk Factor: Critical

Base Score: 9.8

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CVSS Score Source: Tenable

Vulnerability Information

CPE: cpe:2.3:a:pivotal_software:spring_boot:*:*:*:*:*:*:*:*

Exploit Available: true

Exploit Ease: Exploits are available

Reference Information