CVE: 2018-15756 found in Spring Web MVC - Version: 4.3.10.RELEASE [JAVA]

[github-actions[bot]]

Veracode Software Composition Analysis

Attribute	Details
Library	Spring Web MVC
Description	Spring Web MVC
Language	JAVA
Vulnerability	Denial Of Service (DoS)
Vulnerability description	spring-web is vulnerable to denial of service (DoS). A malicious user can pass a HTTP request containing a header with overlapping ranges, leading to an error which would crash the service.
CVE	2018-15756
CVSS score	5
Vulnerability present in version/s	4.3.0.RELEASE-4.3.19.RELEASE
Found library version/s	4.3.10.RELEASE
Vulnerability fixed in version	4.3.20.RELEASE
Library latest version	6.1.1
Fix

Links:

• https://sca.analysiscenter.veracode.com/vulnerability-database/libraries/949?version=4.3.10.RELEASE
• https://sca.analysiscenter.veracode.com/vulnerability-database/vulnerabilities/7620
• Patch:

[github-actions[bot]]

Veracode issue link to PR: https://github.com/veracode-repository-ruleset/verademo-java-maven/pull/54