CVE-2018-15756: Uncontrolled Resource Consumption

October 18, 2018 (updated October 3, 2019)

Spring Framework provides support for range requests when serving static resources through the ResourceHttpRequestHandler. A malicious user (or attacker) can add a range header with a high number of ranges, or with wide ranges that overlap, or both, for a denial of service attack.

References

www.securityfocus.com/bid/105703
nvd.nist.gov/vuln/detail/CVE-2018-15756
pivotal.io/security/cve-2018-15756

Code Behaviors & Features

Detect and mitigate CVE-2018-15756 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →