CVE-2018-15756: DoS Attack via Range Requests
Published Oct 16, 2018
·Updated
Pivotal Spring Framework is vulnerable to a denial of service, caused by improper handling of range request by the ResourceHttpRequestHandler. By adding a range header with a high number of ranges, a remote attacker could exploit this vulnerability to cause a denial of service condition.
Other sources
Spring Framework, version 5.1, versions 5.0.x prior to 5.0.10, versions 4.3.x prior to 4.3.20, and older unsupported versions on the 4.2.x branch provide support for range requests when serving static resources through the ResourceHttpRequestHandler, or starting in 5.0 when an annotated controller returns an org.springframework.core.io.Resource. A malicious user (or attacker) can add a range header with a high number of ranges, or with wide ranges that overlap, or both, for a denial of service attack.
— Red Hat
Affected Software
120 affected componentsFixes available
redhat/springframework<5.0.10
5.0.10
redhat/springframework<4.3.20
4.3.20
maven/org.springframework:spring-core>=4.2.0.RELEASE<4.3.20.RELEASE
4.3.20.RELEASE
maven/org.springframework:spring-core>=5.0.0.RELEASE<5.0.10.RELEASE
5.0.10.RELEASE
maven/org.springframework:spring-core>=5.1.0.RELEASE<5.1.1.RELEASE
5.1.1.RELEASE
VMware Spring Framework>=4.2.0<4.3.20
VMware Spring Framework>=5.0.0<5.0.10
VMware Spring Framework=5.1.0
Oracle Agile PLM=9.3.3
Oracle Agile PLM=9.3.4
Oracle Agile PLM=9.3.5
Oracle Agile PLM=9.3.6
Oracle Communications Brm - Elastic Charging Engine=11.3
Oracle Communications Brm - Elastic Charging Engine=12.0
Oracle Communications Converged Application Server - Service Controller=6.0
Oracle Communications Converged Application Server - Service Controller=6.1
Oracle Communications Diameter Signaling Router=8.0.0
Oracle Communications Diameter Signaling Router=8.1
Oracle Communications Diameter Signaling Router=8.2
Oracle Communications Diameter Signaling Router=8.2.1
Oracle Communications Element Manager=8.1.1
Oracle Communications Element Manager=8.2.0
Oracle Communications Element Manager=8.2.1
Oracle Communications Online Mediation Controller=6.1
Oracle Communications Session Report Manager=8.0.0
Oracle Communications Session Report Manager=8.1.0
Oracle Communications Session Report Manager=8.1.1
Oracle Communications Session Report Manager=8.2.0
Oracle Communications Session Report Manager=8.2.1
Oracle Communications Session Route Manager=8.0.0
Oracle Communications Session Route Manager=8.1.0
Oracle Communications Session Route Manager=8.1.1
Oracle Communications Session Route Manager=8.2.0
Oracle Communications Session Route Manager=8.2.1
Oracle Communications Unified Inventory Management=7.3
Oracle Communications Unified Inventory Management=7.4.0
Oracle Endeca Information Discovery Integrator=3.2.0
Oracle Enterprise Manager For Fusion Applications=13.3.0.0
Oracle Enterprise Manager Ops Center=12.3.3
Oracle Financial Services Analytical Applications Infrastructure>=8.0.2<=8.0.8
Oracle FLEXCUBE Private Banking=12.0.1
Oracle FLEXCUBE Private Banking=12.0.3
Oracle FLEXCUBE Private Banking=12.1.0
Oracle Goldengate Application Adapters=12.3.2.1.0
Oracle Healthcare Master Person Index=3.0
Oracle Healthcare Master Person Index=4.0.2
Oracle Identity Manager Connector=9.0
Oracle Insurance Calculation Engine=9.7
Oracle Insurance Calculation Engine=10.0
Oracle Insurance Calculation Engine=10.1
Oracle Insurance Calculation Engine=10.2
Oracle Insurance Policy Administration J2EE=10.0
Oracle Insurance Policy Administration J2EE=10.1
Oracle Insurance Policy Administration J2EE=10.2
Oracle Insurance Policy Administration J2EE=10.2.0
Oracle Insurance Policy Administration J2EE=10.2.4
Oracle Insurance Policy Administration J2EE=11.0
Oracle Insurance Policy Administration J2EE=11.1.0
Oracle Insurance Policy Administration J2EE=11.2.0
Oracle Insurance Rules Palette=10.0
Oracle Insurance Rules Palette=10.1
Oracle Insurance Rules Palette=10.2
Oracle Insurance Rules Palette=10.2.0
Oracle Insurance Rules Palette=10.2.4
Oracle Insurance Rules Palette=11.0
Oracle Insurance Rules Palette=11.0.2
Oracle Insurance Rules Palette=11.1.0
Oracle Insurance Rules Palette=11.2.0
Oracle MySQL Enterprise Monitor<=4.0.12
Oracle MySQL Enterprise Monitor>=8.0.0<=8.0.20
Oracle Primavera Analytics=18.8
Oracle Primavera Gateway=15.2
Oracle Primavera Gateway=16.2
Oracle Primavera Gateway=17.12
Oracle Primavera Gateway=18.8.0
Oracle Rapid Planning=12.1
Oracle Rapid Planning=12.2
Oracle Retail Advanced Inventory Planning=15.0
Oracle Retail Assortment Planning=15.0
Oracle Retail Assortment Planning=16.0
Oracle Retail Clearance Optimization Engine=14.0.5
Oracle Retail Financial Integration=14.0
Oracle Retail Financial Integration=14.1
Oracle Retail Financial Integration=15.0
Oracle Retail Financial Integration=16.0
Oracle Retail Integration Bus=15.0
Oracle Retail Integration Bus=15.0.3
Oracle Retail Integration Bus=16.0
Oracle Retail Integration Bus=16.0.3
Oracle Retail Invoice Matching=12.0
Oracle Retail Invoice Matching=13.0
Oracle Retail Invoice Matching=13.1
Oracle Retail Invoice Matching=13.2
Oracle Retail Invoice Matching=14.0
Oracle Retail Invoice Matching=14.1
Oracle Retail Markdown Optimization=13.4.4
Oracle Retail Order Broker=5.1
Oracle Retail Order Broker=5.2
Oracle Retail Order Broker=15.0
Oracle Retail Order Broker=16.0
Oracle Retail Predictive Application Server=14.0.3
Oracle Retail Predictive Application Server=14.0.3.26
Oracle Retail Predictive Application Server=14.1.3
Oracle Retail Predictive Application Server=14.1.3.37
Oracle Retail Predictive Application Server=15.0.3
Oracle Retail Predictive Application Server=15.0.3.100
Oracle Retail Predictive Application Server=16.0
Oracle Retail Predictive Application Server=16.0.3
Oracle Retail Service Backbone=15.0
Oracle Retail Service Backbone=16.0
Oracle Retail Service Backbone=16.0.1
Oracle Retail Xstore Point of Service=7.1
Oracle Tape Library Acsls=8.5
Oracle WebCenter Sites=12.2.1.3.0
Oracle WebLogic Server=10.3.6.0.0
Oracle WebLogic Server=12.1.3.0.0
Oracle WebLogic Server=12.2.1.3.0
Oracle WebLogic Server=12.2.1.4.0
Debian Debian Linux=9.0
IBM GDE<=3.0.0.2
Remediation
Patch Available
Patch Available
Patch Available
Patch Available
Patch Available
Event History
Oct 16, 2018
CVE Published
12:00 AM
Data Sourced
12:00 AM
RemedyDescriptionSeverityWeaknessAffected Software
Oct 18, 2018
CVE Published
via MITRE·10:00 PM
Data Sourced
via MITRE·10:00 PM
DescriptionSeverityWeakness
Oct 25, 2018
Data Sourced
via Red Hat·12:22 PM
DescriptionSeverityAffected Software
Jun 15, 2020
Advisory Published
via GitHub·07:34 PM
Parent advisories
This vulnerability appears in the following advisories.
Frequently Asked Questions
1
What is the severity of CVE-2018-15756?
CVE-2018-15756 has been classified as a high severity vulnerability due to its potential to cause denial of service.
2
How do I fix CVE-2018-15756?
To fix CVE-2018-15756, upgrade your Spring Framework to version 4.3.20 or 5.0.10, or later.
3
What types of systems are affected by CVE-2018-15756?
CVE-2018-15756 affects various systems utilizing vulnerable versions of the Pivotal Spring Framework.
4
Is there a workaround for CVE-2018-15756?
While there is no direct workaround, limiting the range requests on your servers can help mitigate the impact.
5
Can CVE-2018-15756 be exploited externally?
Yes, CVE-2018-15756 can be exploited by remote attackers using specially crafted range headers.