The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a vigilance database and tools to fix them.

Vulnerability of Spring Framework: denial of service via Complex Range Requests

Synthesis of the vulnerability

An attacker can send complex Range requests to Spring Framework to trigger a fatal error, resulting in a denial of service.
Vulnerable systems: QRadar SIEM, MariaDB ~ precise, MySQL Community, MySQL Enterprise, Oracle Communications, Oracle Fusion Middleware, Oracle Identity Management, Oracle Virtual Directory, WebLogic, Percona Server, Spring Framework.
Severity of this threat: 2/4.
Creation date: 17/10/2018.
References of this weakness: CERTFR-2019-AVI-331, cpujan2020, cpujul2019, cpuoct2019, CVE-2018-15756, ibm10957141, VIGILANCE-VUL-27548.

Description of the vulnerability

An attacker can send complex Range requests to Spring Framework to trigger a fatal error, resulting in a denial of service.

This vulnerability bulletin impacts software or systems such as QRadar SIEM, MariaDB ~ precise, MySQL Community, MySQL Enterprise, Oracle Communications, Oracle Fusion Middleware, Oracle Identity Management, Oracle Virtual Directory, WebLogic, Percona Server, Spring Framework.

Our Vigil@nce team determined that the severity of this security note is medium.

The trust level of this note is "confirmed by the editor", and the attack origin is an internet client.

An attacker with expert ability can exploit this cybersecurity note.

Solutions for this threat

Spring Framework: version 5.1.1.
The version 5.1.1 is fixed:
  https://pivotal.io/

Spring Framework: version 5.0.10.
The version 5.0.10 is fixed:
  https://pivotal.io/

Spring Framework: version 4.3.20.
The version 4.3.20 is fixed:
  https://pivotal.io/

IBM QRadar SIEM: patch for Spring Framework.
A patch is indicated in information sources.

MariaDB: version 10.1.41.
The version 10.1.41 is fixed:
  https://downloads.mariadb.org/mariadb/10.1.41

MariaDB: version 10.2.26.
The version 10.2.26 is fixed:
  https://downloads.mariadb.org/mariadb/10.2.26

MariaDB: version 10.3.17.
The version 10.3.17 is fixed:
  https://downloads.mariadb.org/mariadb/10.3.17

MariaDB: version 10.4.7.
The version 10.4.7 is fixed:
  https://downloads.mariadb.org/mariadb/10.4.7

MariaDB: version 5.5.65.
The version 5.5.65 is fixed:
  https://downloads.mariadb.org/mariadb/5.5.65

MySQL: version 5.6.45.
The version 5.6.45 is fixed:
  https://support.oracle.com/rs?type=doc&id=2559865.1
  https://dev.mysql.com/downloads/
  https://www.mysql.com/fr/

MySQL: version 5.7.27.
The version 5.7.27 is fixed:
  https://support.oracle.com/rs?type=doc&id=2559865.1
  https://dev.mysql.com/downloads/
  https://www.mysql.com/fr/

MySQL: version 8.0.17.
The version 8.0.17 is fixed:
  https://support.oracle.com/rs?type=doc&id=2559865.1
  https://dev.mysql.com/downloads/
  https://www.mysql.com/fr/

Oracle Communications: CPU of January 2020.
A Critical Patch Update is available:
  https://support.oracle.com/rs?type=doc&id=2625594.1
  https://support.oracle.com/rs?type=doc&id=2626101.1
  https://support.oracle.com/rs?type=doc&id=2628576.1
  https://support.oracle.com/rs?type=doc&id=2626102.1
  https://support.oracle.com/rs?type=doc&id=2622427.1
  https://support.oracle.com/rs?type=doc&id=2595443.1
  https://support.oracle.com/rs?type=doc&id=2595442.1
  https://support.oracle.com/rs?type=doc&id=2617852.1
  https://support.oracle.com/rs?type=doc&id=2626103.1

Oracle Communications: CPU of July 2019.
A Critical Patch Update is available:
  https://support.oracle.com/rs?type=doc&id=2559239.1
  https://support.oracle.com/rs?type=doc&id=2563691.1
  https://support.oracle.com/rs?type=doc&id=2559240.1
  https://support.oracle.com/rs?type=doc&id=2559722.1
  https://support.oracle.com/rs?type=doc&id=2559225.1
  https://support.oracle.com/rs?type=doc&id=2559721.1
  https://support.oracle.com/rs?type=doc&id=2559256.1
  https://support.oracle.com/rs?type=doc&id=2559242.1
  https://support.oracle.com/rs?type=doc&id=2559243.1
  https://support.oracle.com/rs?type=doc&id=2559648.1

Oracle Fusion Middleware: CPU of July 2019.
A Critical Patch Update is available:
  https://support.oracle.com/rs?type=doc&id=2534806.1

Oracle Fusion Middleware: CPU of October 2019.
A Critical Patch Update is available:
  https://support.oracle.com/rs?type=doc&id=2568292.1

Percona Server: version 5.6.45-86.1.
The version 5.6.45-86.1 is fixed:
  https://www.percona.com/

Percona Server: version 5.7.27-30.
The version 5.7.27-30 is fixed:
  https://www.percona.com/

Percona Server: version 8.0.17-8.
The version 8.0.17-8 is fixed:
  https://www.percona.com/

Percona XtraDB Cluster: version 5.6.45-28.36.
The version 5.6.45-28.36 is fixed:
  https://www.percona.com/

Percona XtraDB Cluster: version 5.7.27-31.39.
The version 5.7.27-31.39 is fixed:
  https://www.percona.com/
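To turn the Spring Framework fix list above (5.1.1, 5.0.10, 4.3.20) into an inventory check, the following helper compares an artifact's version against the fixed release of its maintenance branch. This is an added example, not Vigil@nce's own tooling; the version strings and the sample inventory are constructed, and branches the bulletin does not name are reported as uncovered rather than guessed.

```python
"""Triage Spring Framework versions against the fixed releases named in
VIGILANCE-VUL-27548 / CVE-2018-15756. Constructed helper, not bulletin code."""
from typing import Dict, List, Optional, Tuple

Version = Tuple[int, int, int]

# Fixed releases listed in the bulletin, keyed by maintenance branch.
FIXED_BY_BRANCH: Dict[Tuple[int, int], Version] = {
    (5, 1): (5, 1, 1),
    (5, 0): (5, 0, 10),
    (4, 3): (4, 3, 20),
}


def parse_version(text: str) -> Version:
    """Parse 'major.minor.patch', tolerating Spring suffixes such as '.RELEASE'."""
    parts = text.strip().split(".")
    if len(parts) < 3 or not all(p.isdigit() for p in parts[:3]):
        raise ValueError(f"unrecognised Spring version: {text!r}")
    return int(parts[0]), int(parts[1]), int(parts[2])


def needs_upgrade(text: str) -> Optional[Version]:
    """Return the fixed version to move to when `text` is below the fix on its
    branch, None when it is already fixed; raise LookupError for branches the
    bulletin does not cover (e.g. 4.2.x), so they are never silently marked ok."""
    major, minor, patch = parse_version(text)
    fixed = FIXED_BY_BRANCH.get((major, minor))
    if fixed is None:
        raise LookupError(f"branch {major}.{minor} not covered by this bulletin")
    return fixed if (major, minor, patch) < fixed else None


def triage(inventory: List[Tuple[str, str]]) -> Dict[str, str]:
    """Map artifact name -> action for a list of (name, spring_version) pairs."""
    report: Dict[str, str] = {}
    for name, version in inventory:
        try:
            fix = needs_upgrade(version)
        except LookupError:
            report[name] = "branch not covered by bulletin"
            continue
        report[name] = "ok" if fix is None else "upgrade to %d.%d.%d" % fix
    return report


if __name__ == "__main__":
    # Constructed sample inventory; names and versions are illustrative only.
    sample = [("billing-api", "5.0.9.RELEASE"), ("portal", "5.1.1.RELEASE"),
              ("legacy-app", "4.3.19.RELEASE"), ("old-tool", "4.2.9.RELEASE")]
    for artifact, action in triage(sample).items():
        print(f"{artifact}: {action}")
```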

Computer vulnerabilities tracking service

Vigil@nce provides a computers vulnerabilities database. The Vigil@nce computer vulnerability tracking service alerts your teams of vulnerabilities or threats impacting your information system.