CVE-2018-15756

MEDIUM

Description

Spring Framework, version 5.1, versions 5.0.x prior to 5.0.10, versions 4.3.x prior to 4.3.20, and older unsupported versions on the 4.2.x branch provide support for range requests when serving static resources through the ResourceHttpRequestHandler, or starting in 5.0 when an annotated controller returns an org.springframework.core.io.Resource. A malicious user (or attacker) can add a range header with a high number of ranges, or with wide ranges that overlap, or both, for a denial of service attack. This vulnerability affects applications that depend on either spring-webmvc or spring-webflux. Such applications must also have a registration for serving static resources (e.g. JS, CSS, images, and others), or have an annotated controller that returns an org.springframework.core.io.Resource. Spring Boot applications that depend on spring-boot-starter-web or spring-boot-starter-webflux are ready to serve static resources out of the box and are therefore vulnerable.

References

http://www.securityfocus.com/bid/105703

https://lists.apache.org/thread.html/[email protected]%3Cissues.activemq.apache.org%3E

https://pivotal.io/security/cve-2018-15756

https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html

https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html

https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html

Details

Source: MITRE

Published: 2018-10-18

Updated: 2019-10-03

Type: NVD-CWE-noinfo

Risk Information

CVSS v2.0

Base Score: 5

Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P

Impact Score: 2.9

Exploitability Score: 10

Severity: MEDIUM

CVSS v3.0

Base Score: 7.5

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Impact Score: 3.6

Exploitability Score: 3.9

Severity: HIGH

Vulnerable Software

Configuration 1

cpe:2.3:a:pivotal_software:spring_framework:*:*:*:*:*:*:*:* versions from 4.2.0 to 4.2.9 (inclusive)

cpe:2.3:a:pivotal_software:spring_framework:*:*:*:*:*:*:*:*

cpe:2.3:a:pivotal_software:spring_framework:5.1:*:*:*:*:*:*:*

Configuration 2

cpe:2.3:a:oracle:enterprise_manager_ops_center:12.3.3:*:*:*:*:*:*:*

cpe:2.3:a:oracle:retail_invoice_matching:12.0:*:*:*:*:*:*:*

cpe:2.3:a:oracle:retail_invoice_matching:13.0:*:*:*:*:*:*:*

cpe:2.3:a:oracle:retail_invoice_matching:13.1:*:*:*:*:*:*:*

cpe:2.3:a:oracle:retail_invoice_matching:13.2:*:*:*:*:*:*:*

cpe:2.3:a:oracle:retail_invoice_matching:14.0:*:*:*:*:*:*:*

cpe:2.3:a:oracle:retail_invoice_matching:14.1:*:*:*:*:*:*:*

cpe:2.3:a:oracle:retail_order_broker:5.1:*:*:*:*:*:*:*

cpe:2.3:a:oracle:retail_order_broker:5.2:*:*:*:*:*:*:*

cpe:2.3:a:oracle:retail_order_broker:15.0:*:*:*:*:*:*:*

cpe:2.3:a:oracle:retail_order_broker:16.0:*:*:*:*:*:*:*

Tenable Plugins

View all (7 total)

ID	Name	Product	Family	Severity
136284	Oracle Identity Manager Connector Multiple Vulnerabilities (April 2020 CPU)	Nessus	Misc.	medium
136091	Oracle WebCenter Sites Multiple Vulnerabilities (July 2019 CPU)	Nessus	Windows	high
129973	Oracle GoldenGate for Big Data 12.3.1.1.x < 12.3.1.1.6 / 12.3.2.1.x < 12.3.2.1.5 Spring Framework DoS (Oct 2019 CPU)	Nessus	Misc.	medium
126915	Oracle WebLogic Server Multiple Vulnerabilities (Jul 2019 CPU)	Nessus	Misc.	high
126828	Oracle Primavera Gateway Multiple Vulnerabilities (Jul 2019 CPU)	Nessus	CGI abuses	high
125147	Oracle Enterprise Manager Ops Center (Apr 2019 CPU)	Nessus	Misc.	high
124157	Oracle Enterprise Manager Cloud Control (Apr 2019 CPU)	Nessus	Misc.	medium