This is a summary of the AI-generated 10-question deep analysis. The full version (longer answers, follow-up Q&A, related CVEs) requires login.
Q1. What is this vulnerability? (Essence + Consequences)
**Essence**: SSRF in VMware Spring Cloud Netflix. **Consequences**: Attackers can make the vulnerable host send requests to internal servers on their behalf. Sensitive data leaks, unauthorized operations, or data modification are possible. …
**CWE**: CWE-441 (Unintended Information Disclosure). **Flaw**: The Hystrix Dashboard `proxy.stream` endpoint does not validate the target it is asked to proxy, so it blindly forwards requests to any server the host can reach. …
**Vendor**: Spring by VMware. **Product**: Spring Cloud Netflix. **Affected Versions**: 2.2.x < 2.2.4, 2.1.x < 2.1.6, and older unsupported versions. **Safe**: 2.2.4+ and 2.1.6+.
Q4. What can hackers do? (Privileges/Data)
**Actions**: Send HTTP requests to internal/hidden servers through the vulnerable host. **Data**: Access sensitive internal information. **Ops**: Modify data or execute unauthorized commands on reachable internal services. **Scope**: Any server reachable by the host. …
**Exploit**: Yes. **PoC**: Available via Nuclei templates (projectdiscovery). **Wild Exploitation**: High risk because the SSRF is simple to trigger. Automated scanning tools can detect this easily. …
**Check**: Look for exposed `/hystrix` or `/hystrix-dashboard` endpoints. **Scan**: Use the Nuclei template `CVE-2020-5412.yaml`. **Test**: Send a request to an internal IP via `proxy.stream`. …
**Fixed**: Yes. **Patch**: Upgrade to Spring Cloud Netflix 2.2.4 or 2.1.6. **Action**: Update dependencies immediately. **Reference**: VMware Security Advisory. The official fix is the best defense.
Q9. What if no patch? (Workaround)
**Workaround**: Disable the Hystrix Dashboard if it is not needed. **Block**: Restrict access to `/hystrix` endpoints via WAF/ACL. **Filter**: Block outbound requests from the app server to internal IPs. …