high
7.5
CWE
20
Advisory Published
Advisory Published
Updated

CVE-2018-15756: DoS Attack via Range Requests

First published: Tue Oct 16 2018(Updated: )

Pivotal Spring Framework is vulnerable to a denial of service, caused by improper handling of range request by the ResourceHttpRequestHandler. By adding a range header with a high number of ranges, a remote attacker could exploit this vulnerability to cause a denial of service condition.

Credit: security_alert@emc.com security_alert@emc.com

Affected SoftwareAffected VersionHow to fix
IBM GDE<=3.0.0.2
redhat/springframework<5.0.10
5.0.10
redhat/springframework<4.3.20
4.3.20
VMware Spring Framework>=4.2.0<4.3.20
VMware Spring Framework>=5.0.0<5.0.10
VMware Spring Framework=5.1.0
Oracle Agile PLM=9.3.3
Oracle Agile PLM=9.3.4
Oracle Agile PLM=9.3.5
Oracle Agile PLM=9.3.6
Oracle Communications Brm - Elastic Charging Engine=11.3
Oracle Communications Brm - Elastic Charging Engine=12.0
Oracle Communications Converged Application Server - Service Controller=6.0
Oracle Communications Converged Application Server - Service Controller=6.1
Oracle Communications Diameter Signaling Router=8.0.0
Oracle Communications Diameter Signaling Router=8.1
Oracle Communications Diameter Signaling Router=8.2
Oracle Communications Diameter Signaling Router=8.2.1
Oracle Communications Element Manager=8.1.1
Oracle Communications Element Manager=8.2.0
Oracle Communications Element Manager=8.2.1
Oracle Communications Online Mediation Controller=6.1
Oracle Communications Session Report Manager=8.0.0
Oracle Communications Session Report Manager=8.1.0
Oracle Communications Session Report Manager=8.1.1
Oracle Communications Session Report Manager=8.2.0
Oracle Communications Session Report Manager=8.2.1
Oracle Communications Session Route Manager=8.0.0
Oracle Communications Session Route Manager=8.1.0
Oracle Communications Session Route Manager=8.1.1
Oracle Communications Session Route Manager=8.2.0
Oracle Communications Session Route Manager=8.2.1
Oracle Communications Unified Inventory Management=7.3
Oracle Communications Unified Inventory Management=7.4.0
Oracle Endeca Information Discovery Integrator=3.2.0
Oracle Enterprise Manager For Fusion Applications=13.3.0.0
Oracle Enterprise Manager Ops Center=12.3.3
Oracle Financial Services Analytical Applications Infrastructure>=8.0.2<=8.0.8
Oracle FLEXCUBE Private Banking=12.0.1
Oracle FLEXCUBE Private Banking=12.0.3
Oracle FLEXCUBE Private Banking=12.1.0
Oracle Goldengate Application Adapters=12.3.2.1.0
Oracle Healthcare Master Person Index=3.0
Oracle Healthcare Master Person Index=4.0.2
Oracle Identity Manager Connector=9.0
Oracle Insurance Calculation Engine=9.7
Oracle Insurance Calculation Engine=10.0
Oracle Insurance Calculation Engine=10.1
Oracle Insurance Calculation Engine=10.2
Oracle Insurance Policy Administration J2EE=10.0
Oracle Insurance Policy Administration J2EE=10.1
Oracle Insurance Policy Administration J2EE=10.2
Oracle Insurance Policy Administration J2EE=10.2.0
Oracle Insurance Policy Administration J2EE=10.2.4
Oracle Insurance Policy Administration J2EE=11.0
Oracle Insurance Policy Administration J2EE=11.1.0
Oracle Insurance Policy Administration J2EE=11.2.0
Oracle Insurance Rules Palette=10.0
Oracle Insurance Rules Palette=10.1
Oracle Insurance Rules Palette=10.2
Oracle Insurance Rules Palette=10.2.0
Oracle Insurance Rules Palette=10.2.4
Oracle Insurance Rules Palette=11.0
Oracle Insurance Rules Palette=11.0.2
Oracle Insurance Rules Palette=11.1.0
Oracle Insurance Rules Palette=11.2.0
Oracle Mysql Enterprise Monitor<=4.0.12
Oracle Mysql Enterprise Monitor>=8.0.0<=8.0.20
Oracle Primavera Analytics=18.8
Oracle Primavera Gateway=15.2
Oracle Primavera Gateway=16.2
Oracle Primavera Gateway=17.12
Oracle Primavera Gateway=18.8.0
Oracle Rapid Planning=12.1
Oracle Rapid Planning=12.2
Oracle Retail Advanced Inventory Planning=15.0
Oracle Retail Assortment Planning=15.0
Oracle Retail Assortment Planning=16.0
Oracle Retail Clearance Optimization Engine=14.0.5
Oracle Retail Financial Integration=14.0
Oracle Retail Financial Integration=14.1
Oracle Retail Financial Integration=15.0
Oracle Retail Financial Integration=16.0
Oracle Retail Integration Bus=15.0
Oracle Retail Integration Bus=15.0.3
Oracle Retail Integration Bus=16.0
Oracle Retail Integration Bus=16.0.3
Oracle Retail Invoice Matching=12.0
Oracle Retail Invoice Matching=13.0
Oracle Retail Invoice Matching=13.1
Oracle Retail Invoice Matching=13.2
Oracle Retail Invoice Matching=14.0
Oracle Retail Invoice Matching=14.1
Oracle Retail Markdown Optimization=13.4.4
Oracle Retail Order Broker=5.1
Oracle Retail Order Broker=5.2
Oracle Retail Order Broker=15.0
Oracle Retail Order Broker=16.0
Oracle Retail Predictive Application Server=14.0.3
Oracle Retail Predictive Application Server=14.0.3.26
Oracle Retail Predictive Application Server=14.1.3
Oracle Retail Predictive Application Server=14.1.3.37
Oracle Retail Predictive Application Server=15.0.3
Oracle Retail Predictive Application Server=15.0.3.100
Oracle Retail Predictive Application Server=16.0
Oracle Retail Predictive Application Server=16.0.3
Oracle Retail Service Backbone=15.0
Oracle Retail Service Backbone=16.0
Oracle Retail Service Backbone=16.0.1
Oracle Retail Xstore Point of Service=7.1
Oracle Tape Library Acsls=8.5
Oracle WebCenter Sites=12.2.1.3.0
Oracle WebLogic Server=10.3.6.0.0
Oracle WebLogic Server=12.1.3.0.0
Oracle WebLogic Server=12.2.1.3.0
Oracle WebLogic Server=12.2.1.4.0
Debian Debian Linux=9.0
maven/org.springframework:spring-core>=4.2.0.RELEASE<4.3.20.RELEASE
4.3.20.RELEASE
maven/org.springframework:spring-core>=5.0.0.RELEASE<5.0.10.RELEASE
5.0.10.RELEASE
maven/org.springframework:spring-core>=5.1.0.RELEASE<5.1.1.RELEASE
5.1.1.RELEASE
>=4.2.0<4.3.20
>=5.0.0<5.0.10
=5.1.0
=9.3.3
=9.3.4
=9.3.5
=9.3.6
=11.3
=12.0
=6.0
=6.1
=8.0.0
=8.1
=8.2
=8.2.1
=8.1.1
=8.2.0
=8.2.1
=6.1
=8.0.0
=8.1.0
=8.1.1
=8.2.0
=8.2.1
=8.0.0
=8.1.0
=8.1.1
=8.2.0
=8.2.1
=7.3
=7.4.0
=3.2.0
=13.3.0.0
=12.3.3
>=8.0.2<=8.0.8
=12.0.1
=12.0.3
=12.1.0
=12.3.2.1.0
=3.0
=4.0.2
=9.0
=9.7
=10.0
=10.1
=10.2
=10.0
=10.1
=10.2
=10.2.0
=10.2.4
=11.0
=11.1.0
=11.2.0
=10.0
=10.1
=10.2
=10.2.0
=10.2.4
=11.0
=11.0.2
=11.1.0
=11.2.0
<=4.0.12
>=8.0.0<=8.0.20
=18.8
=15.2
=16.2
=17.12
=18.8.0
=12.1
=12.2
=15.0
=15.0
=16.0
=14.0.5
=14.0
=14.1
=15.0
=16.0
=15.0
=15.0.3
=16.0
=16.0.3
=12.0
=13.0
=13.1
=13.2
=14.0
=14.1
=13.4.4
=5.1
=5.2
=15.0
=16.0
=14.0.3
=14.0.3.26
=14.1.3
=14.1.3.37
=15.0.3
=15.0.3.100
=16.0
=16.0.3
=15.0
=16.0
=16.0.1
=7.1
=8.5
=12.2.1.3.0
=10.3.6.0.0
=12.1.3.0.0
=12.2.1.3.0
=12.2.1.4.0
=9.0

Remedy

https://www.oracle.com//security-alerts/cpujul2021.html

Remedy

https://www.oracle.com/security-alerts/cpuapr2020.html

Remedy

https://www.oracle.com/security-alerts/cpujan2020.html

Remedy

https://www.oracle.com/security-alerts/cpujan2021.html

Remedy

https://www.oracle.com/security-alerts/cpujul2020.html

Remedy

https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html

Remedy

https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html

Never miss a vulnerability like this again

Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.

Read MoreStart Free Trial

Reference Links

Parent vulnerabilities

(Appears in the following advisories)

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co
By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.
© 2024 SecAlerts Pty Ltd.
ABN: 70 645 966 203, ACN: 645 966 203