Spring Cloud Config Server Directory Traversal Vulnerability CVE-2020-5410 Scanner

Details

Stay Up To Date

Follow @secforeveryone

Asset Type

DOMAIN,IP,URL

Need Membership

Yes

Asset Verify

Yes

API Support

Yes

Estimate Time (Second)

Spring Cloud Config Server Directory Traversal Vulnerability CVE-2020-5410 Scanner Detail

Spring Cloud Config, versions 2.2.x prior to 2.2.3, versions 2.1.x prior to 2.1.9, and older unsupported versions allow applications to serve arbitrary configuration files through the spring-cloud-config-server module.

A malicious user, or attacker, can send a request using a specially crafted URL that can lead to a directory traversal attack.

Some Advice for Common Problems

Update your Spring Cloud Config Server, to the latest version to eliminate this vulnerability.

Need a Full Assessment?

Get help from professional hackers. Learn about our penetration test service now!

Request Pentest Service