About Spring

Spring is a framework in JAVA that uses data binding functionality to bind data stored within an HTTP request to certain objects used by an application. This is a very brief idea about the Spring framework.

Now if any of the systems are running this configuration then it’s vulnerable.

Technical Details

• JDK version 9+
• Apache Tomcat for serving the application
• Spring Framework Version 5.3.0 to 5.3.17 and 5.2.0 to 5.2.19 and below
• application built as a WAR file
• spring-webmvc and/or spring-webflux

So this is all about vulnerable configuration

But there is a catch in this as at the same time two CVEs came out