CVE-2018-15756: DoS Attack via Range Requests
First published: Tue Oct 16 2018(Updated: )
Pivotal Spring Framework is vulnerable to a denial of service, caused by improper handling of range request by the ResourceHttpRequestHandler. By adding a range header with a high number of ranges, a remote attacker could exploit this vulnerability to cause a denial of service condition.
Credit: security_alert@emc.com security_alert@emc.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| redhat/springframework | <5.0.10 | 5.0.10 |
| redhat/springframework | <4.3.20 | 4.3.20 |
| maven/org.springframework:spring-core | >=4.2.0.RELEASE<4.3.20.RELEASE | 4.3.20.RELEASE |
| maven/org.springframework:spring-core | >=5.0.0.RELEASE<5.0.10.RELEASE | 5.0.10.RELEASE |
| maven/org.springframework:spring-core | >=5.1.0.RELEASE<5.1.1.RELEASE | 5.1.1.RELEASE |
| IBM GDE | <=3.0.0.2 | |
| Spring Framework | >=4.2.0<4.3.20 | |
| Spring Framework | >=5.0.0<5.0.10 | |
| Spring Framework | =5.1.0 | |
| Oracle Agile PLM | =9.3.3 | |
| Oracle Agile PLM | =9.3.4 | |
| Oracle Agile PLM | =9.3.5 | |
| Oracle Agile PLM | =9.3.6 | |
| oracle communications brm - elastic charging engine | =11.3 | |
| oracle communications brm - elastic charging engine | =12.0 | |
| Oracle Communications Converged Application Server - Service Controller | =6.0 | |
| Oracle Communications Converged Application Server - Service Controller | =6.1 | |
| Oracle Communications Diameter Signaling Router | =8.0.0 | |
| Oracle Communications Diameter Signaling Router | =8.1 | |
| Oracle Communications Diameter Signaling Router | =8.2 | |
| Oracle Communications Diameter Signaling Router | =8.2.1 | |
| oracle communications element manager | =8.1.1 | |
| oracle communications element manager | =8.2.0 | |
| oracle communications element manager | =8.2.1 | |
| Oracle Communications Online Mediation Controller | =6.1 | |
| oracle communications session report manager | =8.0.0 | |
| oracle communications session report manager | =8.1.0 | |
| oracle communications session report manager | =8.1.1 | |
| oracle communications session report manager | =8.2.0 | |
| oracle communications session report manager | =8.2.1 | |
| oracle communications session route manager | =8.0.0 | |
| oracle communications session route manager | =8.1.0 | |
| oracle communications session route manager | =8.1.1 | |
| oracle communications session route manager | =8.2.0 | |
| oracle communications session route manager | =8.2.1 | |
| Oracle Communications Unified Inventory Management | =7.3 | |
| Oracle Communications Unified Inventory Management | =7.4.0 | |
| Oracle Endeca Information Discovery Integrator | =3.2.0 | |
| Oracle Enterprise Manager for Fusion Applications | =13.3.0.0 | |
| Oracle Enterprise Manager Ops Center | =12.3.3 | |
| Oracle Financial Services Analytical Applications Infrastructure | >=8.0.2<=8.0.8 | |
| Oracle FLEXCUBE Private Banking | =12.0.1 | |
| Oracle FLEXCUBE Private Banking | =12.0.3 | |
| Oracle FLEXCUBE Private Banking | =12.1.0 | |
| Oracle GoldenGate Application Adapters | =12.3.2.1.0 | |
| Oracle Healthcare Master Person Index | =3.0 | |
| Oracle Healthcare Master Person Index | =4.0.2 | |
| Oracle Identity Manager Connector | =9.0 | |
| Oracle Insurance Calculation Engine | =9.7 | |
| Oracle Insurance Calculation Engine | =10.0 | |
| Oracle Insurance Calculation Engine | =10.1 | |
| Oracle Insurance Calculation Engine | =10.2 | |
| Oracle Insurance Policy Administration J2EE | =10.0 | |
| Oracle Insurance Policy Administration J2EE | =10.1 | |
| Oracle Insurance Policy Administration J2EE | =10.2 | |
| Oracle Insurance Policy Administration J2EE | =10.2.0 | |
| Oracle Insurance Policy Administration J2EE | =10.2.4 | |
| Oracle Insurance Policy Administration J2EE | =11.0 | |
| Oracle Insurance Policy Administration J2EE | =11.1.0 | |
| Oracle Insurance Policy Administration J2EE | =11.2.0 | |
| Oracle Insurance Rules Palette | =10.0 | |
| Oracle Insurance Rules Palette | =10.1 | |
| Oracle Insurance Rules Palette | =10.2 | |
| Oracle Insurance Rules Palette | =10.2.0 | |
| Oracle Insurance Rules Palette | =10.2.4 | |
| Oracle Insurance Rules Palette | =11.0 | |
| Oracle Insurance Rules Palette | =11.0.2 | |
| Oracle Insurance Rules Palette | =11.1.0 | |
| Oracle Insurance Rules Palette | =11.2.0 | |
| MySQL Enterprise Monitor | <=4.0.12 | |
| MySQL Enterprise Monitor | >=8.0.0<=8.0.20 | |
| Oracle Primavera Analytics | =18.8 | |
| oracle primavera gateway | =15.2 | |
| oracle primavera gateway | =16.2 | |
| oracle primavera gateway | =17.12 | |
| oracle primavera gateway | =18.8.0 | |
| Oracle Rapid Planning | =12.1 | |
| Oracle Rapid Planning | =12.2 | |
| Oracle Retail Advanced Inventory Planning | =15.0 | |
| Oracle Retail Assortment Planning | =15.0 | |
| Oracle Retail Assortment Planning | =16.0 | |
| Oracle Retail Clearance Optimization Engine | =14.0.5 | |
| oracle retail financial integration | =14.0 | |
| oracle retail financial integration | =14.1 | |
| oracle retail financial integration | =15.0 | |
| oracle retail financial integration | =16.0 | |
| Oracle Retail Integration Bus | =15.0 | |
| Oracle Retail Integration Bus | =15.0.3 | |
| Oracle Retail Integration Bus | =16.0 | |
| Oracle Retail Integration Bus | =16.0.3 | |
| Oracle Retail Invoice Matching | =12.0 | |
| Oracle Retail Invoice Matching | =13.0 | |
| Oracle Retail Invoice Matching | =13.1 | |
| Oracle Retail Invoice Matching | =13.2 | |
| Oracle Retail Invoice Matching | =14.0 | |
| Oracle Retail Invoice Matching | =14.1 | |
| Oracle Retail Markdown Optimization | =13.4.4 | |
| Oracle Retail Order Broker | =5.1 | |
| Oracle Retail Order Broker | =5.2 | |
| Oracle Retail Order Broker | =15.0 | |
| Oracle Retail Order Broker | =16.0 | |
| Oracle Retail Predictive Application Server | =14.0.3 | |
| Oracle Retail Predictive Application Server | =14.0.3.26 | |
| Oracle Retail Predictive Application Server | =14.1.3 | |
| Oracle Retail Predictive Application Server | =14.1.3.37 | |
| Oracle Retail Predictive Application Server | =15.0.3 | |
| Oracle Retail Predictive Application Server | =15.0.3.100 | |
| Oracle Retail Predictive Application Server | =16.0 | |
| Oracle Retail Predictive Application Server | =16.0.3 | |
| Oracle Retail Service Backbone | =15.0 | |
| Oracle Retail Service Backbone | =16.0 | |
| Oracle Retail Service Backbone | =16.0.1 | |
| Oracle Retail Xstore Office Cloud Service | =7.1 | |
| Oracle Tape Library ACSLS | =8.5 | |
| Oracle WebCenter Sites | =12.2.1.3.0 | |
| Oracle WebLogic Server | =10.3.6.0.0 | |
| Oracle WebLogic Server | =12.1.3.0.0 | |
| Oracle WebLogic Server | =12.2.1.3.0 | |
| Oracle WebLogic Server | =12.2.1.4.0 | |
| Debian GNU/Linux | =9.0 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://www.cve.org/CVERecord?id=CVE-2018-15756 https://nvd.nist.gov/vuln/detail/CVE-2018-15756 https://pivotal.io/security/cve-2018-15756
- https://bugzilla.redhat.com/show_bug.cgi?id=1643043
- https://access.redhat.com/errata/RHSA-2020:3133
- https://access.redhat.com/errata/RHSA-2020:0983
- https://access.redhat.com/security/cve/cve-2018-15756
- https://exchange.xforce.ibmcloud.com/vulnerabilities/151641
- https://www.ibm.com/support/pages/node/6403331 (Advisory)
- https://pivotal.io/security/cve-2018-15756
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=1643044
- https://access.redhat.com/support/policy/updates/jboss_notes
- http://www.securityfocus.com/bid/105703
- https://lists.apache.org/thread.html/339fd112517e4873695b5115b96acdddbfc8f83b10598528d37c7d12@%3Cissues.activemq.apache.org%3E
- https://lists.apache.org/thread.html/77886fec378ee6064debb1efb6b464a4a0173b2ff0d151ed86d3a228@%3Cissues.activemq.apache.org%3E
- https://lists.apache.org/thread.html/7b156ee50ba3ecce87b33c06bf7a749d84ffee55e69bfb5eca88fcc3@%3Cissues.activemq.apache.org%3E
- https://lists.apache.org/thread.html/8a1fe70534fc52ff5c9db5ac29c55657f802cbefd7e9d9850c7052bd@%3Cissues.activemq.apache.org%3E
- https://lists.apache.org/thread.html/a3071e11c6fbd593022074ec1b4693f6d948c2b02cfa4a5d854aed68@%3Cissues.activemq.apache.org%3E
- https://lists.apache.org/thread.html/bb354962cb51fff65740d5fb1bc2aac56af577c06244b57c36f98e4d@%3Cissues.activemq.apache.org%3E
- https://lists.apache.org/thread.html/d6a84f52db89804b0ad965f3ea2b24bb880edee29107a1c5069cc3dd@%3Cissues.activemq.apache.org%3E
- https://lists.apache.org/thread.html/efaa52b0aa67aae7cbd9e6ef96945387e422d7ce0e65434570a37b1d@%3Cissues.activemq.apache.org%3E
- https://lists.apache.org/thread.html/f8905507a2c94af6b08b72d7be0c4b8c6660e585f00abfafeccc86bc@%3Cissues.activemq.apache.org%3E
- https://lists.debian.org/debian-lts-announce/2021/04/msg00022.html
- https://www.oracle.com//security-alerts/cpujul2021.html
- https://www.oracle.com/security-alerts/cpuapr2020.html
- https://www.oracle.com/security-alerts/cpujan2020.html
- https://www.oracle.com/security-alerts/cpujan2021.html
- https://www.oracle.com/security-alerts/cpujul2020.html
- https://www.oracle.com/security-alerts/cpuoct2021.html
- https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html
- https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html
- https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html
- https://nvd.nist.gov/vuln/detail/CVE-2018-15756
- https://github.com/advisories/GHSA-ffvq-7w96-97p7 (Advisory)
- https://lists.apache.org/thread.html/339fd112517e4873695b5115b96acdddbfc8f83b10598528d37c7d12%40%3Cissues.activemq.apache.org%3E
- https://lists.apache.org/thread.html/77886fec378ee6064debb1efb6b464a4a0173b2ff0d151ed86d3a228%40%3Cissues.activemq.apache.org%3E
- https://lists.apache.org/thread.html/7b156ee50ba3ecce87b33c06bf7a749d84ffee55e69bfb5eca88fcc3%40%3Cissues.activemq.apache.org%3E
- https://lists.apache.org/thread.html/8a1fe70534fc52ff5c9db5ac29c55657f802cbefd7e9d9850c7052bd%40%3Cissues.activemq.apache.org%3E
- https://lists.apache.org/thread.html/a3071e11c6fbd593022074ec1b4693f6d948c2b02cfa4a5d854aed68%40%3Cissues.activemq.apache.org%3E
- https://lists.apache.org/thread.html/bb354962cb51fff65740d5fb1bc2aac56af577c06244b57c36f98e4d%40%3Cissues.activemq.apache.org%3E
- https://lists.apache.org/thread.html/d6a84f52db89804b0ad965f3ea2b24bb880edee29107a1c5069cc3dd%40%3Cissues.activemq.apache.org%3E
- https://lists.apache.org/thread.html/efaa52b0aa67aae7cbd9e6ef96945387e422d7ce0e65434570a37b1d%40%3Cissues.activemq.apache.org%3E
- https://lists.apache.org/thread.html/f8905507a2c94af6b08b72d7be0c4b8c6660e585f00abfafeccc86bc%40%3Cissues.activemq.apache.org%3E
Frequently Asked Questions
What is the severity of CVE-2018-15756?
CVE-2018-15756 has been classified as a high severity vulnerability due to its potential to cause denial of service.
How do I fix CVE-2018-15756?
To fix CVE-2018-15756, upgrade your Spring Framework to version 4.3.20 or 5.0.10, or later.
What types of systems are affected by CVE-2018-15756?
CVE-2018-15756 affects various systems utilizing vulnerable versions of the Pivotal Spring Framework.
Is there a workaround for CVE-2018-15756?
While there is no direct workaround, limiting the range requests on your servers can help mitigate the impact.
Can CVE-2018-15756 be exploited externally?
Yes, CVE-2018-15756 can be exploited by remote attackers using specially crafted range headers.
- collector/redhat-cve
- agent/type
- agent/first-publish-date
- collector/redhat-bugzilla
- source/Red Hat
- alias/CVE-2018-15756
- agent/software-canonical-lookup
- agent/weakness
- agent/remedy
- agent/severity
- agent/description
- collector/github-advisory-latest
- source/GitHub
- alias/GHSA-ffvq-7w96-97p7
- agent/references
- agent/author
- collector/github-advisory
- collector/ibm-support
- source/IBM
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/title
- agent/event
- agent/trending
- agent/source
- collector/nvd-cve
- source/NVD
- agent/software-canonical-lookup-request
- agent/softwarecombine
- agent/tags
- collector/nvd-index
- package-manager/redhat
- package-manager/maven
- vendor/ibm
- canonical/ibm gde
- version/ibm gde/3.0.0.2
- vendor/vmware
- canonical/spring framework
- version/spring framework/4.2.0
- version/spring framework/5.0.0
- version/spring framework/5.1.0
- vendor/oracle
- canonical/oracle agile plm
- version/oracle agile plm/9.3.3
- version/oracle agile plm/9.3.4
- version/oracle agile plm/9.3.5
- version/oracle agile plm/9.3.6
- canonical/oracle communications brm - elastic charging engine
- version/oracle communications brm - elastic charging engine/11.3
- version/oracle communications brm - elastic charging engine/12.0
- canonical/oracle communications converged application server - service controller
- version/oracle communications converged application server - service controller/6.0
- version/oracle communications converged application server - service controller/6.1
- canonical/oracle communications diameter signaling router
- version/oracle communications diameter signaling router/8.0.0
- version/oracle communications diameter signaling router/8.1
- version/oracle communications diameter signaling router/8.2
- version/oracle communications diameter signaling router/8.2.1
- canonical/oracle communications element manager
- version/oracle communications element manager/8.1.1
- version/oracle communications element manager/8.2.0
- version/oracle communications element manager/8.2.1
- canonical/oracle communications online mediation controller
- version/oracle communications online mediation controller/6.1
- canonical/oracle communications session report manager
- version/oracle communications session report manager/8.0.0
- version/oracle communications session report manager/8.1.0
- version/oracle communications session report manager/8.1.1
- version/oracle communications session report manager/8.2.0
- version/oracle communications session report manager/8.2.1
- canonical/oracle communications session route manager
- version/oracle communications session route manager/8.0.0
- version/oracle communications session route manager/8.1.0
- version/oracle communications session route manager/8.1.1
- version/oracle communications session route manager/8.2.0
- version/oracle communications session route manager/8.2.1
- canonical/oracle communications unified inventory management
- version/oracle communications unified inventory management/7.3
- version/oracle communications unified inventory management/7.4.0
- canonical/oracle endeca information discovery integrator
- version/oracle endeca information discovery integrator/3.2.0
- canonical/oracle enterprise manager for fusion applications
- version/oracle enterprise manager for fusion applications/13.3.0.0
- canonical/oracle enterprise manager ops center
- version/oracle enterprise manager ops center/12.3.3
- canonical/oracle financial services analytical applications infrastructure
- version/oracle financial services analytical applications infrastructure/8.0.2
- version/oracle financial services analytical applications infrastructure/8.0.8
- canonical/oracle flexcube private banking
- version/oracle flexcube private banking/12.0.1
- version/oracle flexcube private banking/12.0.3
- version/oracle flexcube private banking/12.1.0
- canonical/oracle goldengate application adapters
- version/oracle goldengate application adapters/12.3.2.1.0
- canonical/oracle healthcare master person index
- version/oracle healthcare master person index/3.0
- version/oracle healthcare master person index/4.0.2
- canonical/oracle identity manager connector
- version/oracle identity manager connector/9.0
- canonical/oracle insurance calculation engine
- version/oracle insurance calculation engine/9.7
- version/oracle insurance calculation engine/10.0
- version/oracle insurance calculation engine/10.1
- version/oracle insurance calculation engine/10.2
- canonical/oracle insurance policy administration j2ee
- version/oracle insurance policy administration j2ee/10.0
- version/oracle insurance policy administration j2ee/10.1
- version/oracle insurance policy administration j2ee/10.2
- version/oracle insurance policy administration j2ee/10.2.0
- version/oracle insurance policy administration j2ee/10.2.4
- version/oracle insurance policy administration j2ee/11.0
- version/oracle insurance policy administration j2ee/11.1.0
- version/oracle insurance policy administration j2ee/11.2.0
- canonical/oracle insurance rules palette
- version/oracle insurance rules palette/10.0
- version/oracle insurance rules palette/10.1
- version/oracle insurance rules palette/10.2
- version/oracle insurance rules palette/10.2.0
- version/oracle insurance rules palette/10.2.4
- version/oracle insurance rules palette/11.0
- version/oracle insurance rules palette/11.0.2
- version/oracle insurance rules palette/11.1.0
- version/oracle insurance rules palette/11.2.0
- canonical/mysql enterprise monitor
- version/mysql enterprise monitor/4.0.12
- version/mysql enterprise monitor/8.0.0
- version/mysql enterprise monitor/8.0.20
- canonical/oracle primavera analytics
- version/oracle primavera analytics/18.8
- canonical/oracle primavera gateway
- version/oracle primavera gateway/15.2
- version/oracle primavera gateway/16.2
- version/oracle primavera gateway/17.12
- version/oracle primavera gateway/18.8.0
- canonical/oracle rapid planning
- version/oracle rapid planning/12.1
- version/oracle rapid planning/12.2
- canonical/oracle retail advanced inventory planning
- version/oracle retail advanced inventory planning/15.0
- canonical/oracle retail assortment planning
- version/oracle retail assortment planning/15.0
- version/oracle retail assortment planning/16.0
- canonical/oracle retail clearance optimization engine
- version/oracle retail clearance optimization engine/14.0.5
- canonical/oracle retail financial integration
- version/oracle retail financial integration/14.0
- version/oracle retail financial integration/14.1
- version/oracle retail financial integration/15.0
- version/oracle retail financial integration/16.0
- canonical/oracle retail integration bus
- version/oracle retail integration bus/15.0
- version/oracle retail integration bus/15.0.3
- version/oracle retail integration bus/16.0
- version/oracle retail integration bus/16.0.3
- canonical/oracle retail invoice matching
- version/oracle retail invoice matching/12.0
- version/oracle retail invoice matching/13.0
- version/oracle retail invoice matching/13.1
- version/oracle retail invoice matching/13.2
- version/oracle retail invoice matching/14.0
- version/oracle retail invoice matching/14.1
- canonical/oracle retail markdown optimization
- version/oracle retail markdown optimization/13.4.4
- canonical/oracle retail order broker
- version/oracle retail order broker/5.1
- version/oracle retail order broker/5.2
- version/oracle retail order broker/15.0
- version/oracle retail order broker/16.0
- canonical/oracle retail predictive application server
- version/oracle retail predictive application server/14.0.3
- version/oracle retail predictive application server/14.0.3.26
- version/oracle retail predictive application server/14.1.3
- version/oracle retail predictive application server/14.1.3.37
- version/oracle retail predictive application server/15.0.3
- version/oracle retail predictive application server/15.0.3.100
- version/oracle retail predictive application server/16.0
- version/oracle retail predictive application server/16.0.3
- canonical/oracle retail service backbone
- version/oracle retail service backbone/15.0
- version/oracle retail service backbone/16.0
- version/oracle retail service backbone/16.0.1
- canonical/oracle retail xstore office cloud service
- version/oracle retail xstore office cloud service/7.1
- canonical/oracle tape library acsls
- version/oracle tape library acsls/8.5
- canonical/oracle webcenter sites
- version/oracle webcenter sites/12.2.1.3.0
- canonical/oracle weblogic server
- version/oracle weblogic server/10.3.6.0.0
- version/oracle weblogic server/12.1.3.0.0
- version/oracle weblogic server/12.2.1.3.0
- version/oracle weblogic server/12.2.1.4.0
- vendor/debian
- canonical/debian gnu/linux
- version/debian gnu/linux/9.0