History: Apr 24, 2019 - 4:50 p.m.

Security Bulletin: Security vulnerability in Pivotal Spring Framework affects IBM Rational License Key Server Administration & Reporting Tool

2019-04-24 16:50:01
www.ibm.com

EPSS: 0.004 (Low)
Percentile: 75.2%

Summary

A security vulnerability has been published in the Pivotal Spring Framework, which is used by IBM Rational License Key Server Administration & Reporting Tool. The IBM Rational License Key Server Administration & Reporting Tool team has addressed the required remediation.

Vulnerability Details

CVEID: CVE-2018-15756
DESCRIPTION: Pivotal Spring Framework is vulnerable to a denial of service, caused by improper handling of range requests by the ResourceHttpRequestHandler. By adding a Range header with a high number of ranges, a remote attacker could exploit this vulnerability to cause a denial of service condition.
CVSS Base Score: 7.5
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/151641> for more information
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)
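
The condition described above can be checked for in captured request headers. The following Python example is added here and is not part of the IBM bulletin or of Spring's code: it parses a Range header value (RFC 7233 byte-range syntax) and labels requests that carry an unusually large number of ranges. The threshold MAX_RANGES, the function names and the sample values are assumptions made for illustration.

```python
import re

# Assumed alerting threshold (not from the bulletin): ordinary clients send
# only a handful of ranges per request.
MAX_RANGES = 10

# One byte-range-spec per RFC 7233: "first-last", "first-" or "-suffix".
_SPEC = re.compile(r"^(?:(\d+)-(\d*)|-(\d+))$", re.ASCII)

def parse_range_header(value):
    """Return [(first, last), ...]; open ends and suffix starts are None."""
    unit, sep, range_set = value.strip().partition("=")
    if not sep or unit.strip().lower() != "bytes":
        raise ValueError("unsupported range unit")
    specs = []
    for part in range_set.split(","):
        part = part.strip()
        if not part:  # HTTP list syntax tolerates empty elements
            continue
        m = _SPEC.match(part)
        if not m:
            raise ValueError(f"malformed range spec: {part!r}")
        if m.group(3) is not None:  # "-suffix": the last N bytes
            specs.append((None, int(m.group(3))))
        else:
            first = int(m.group(1))
            last = int(m.group(2)) if m.group(2) else None
            if last is not None and last < first:
                raise ValueError(f"inverted range: {part!r}")
            specs.append((first, last))
    if not specs:
        raise ValueError("empty range set")
    return specs

def classify(value, max_ranges=MAX_RANGES):
    """Label one Range header value: 'ok', 'excessive' or 'malformed'."""
    try:
        specs = parse_range_header(value)
    except ValueError:
        return "malformed"
    return "excessive" if len(specs) > max_ranges else "ok"

# Constructed sample header values, not taken from real traffic.
SAMPLES = [
    "bytes=0-499",
    "bytes=0-99, 200-299, -50",
    "bytes=" + ",".join(f"{i}-{i + 1}" for i in range(0, 400, 2)),
    "lines=1-5",
]
```

Running classify over the Range values extracted from proxy or application logs gives a quick view of whether any client is sending range sets far larger than normal clients do.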

Affected Products and Versions

  • IBM Rational License Key Server Administration & Reporting Tool version 8.1.5
  • IBM Rational License Key Server Administration & Reporting Tool version 8.1.5.1
  • IBM Rational License Key Server Administration & Reporting Tool version 8.1.5.2
  • IBM Rational License Key Server Administration & Reporting Tool version 8.1.5.3
  • IBM Rational License Key Server Administration & Reporting Tool version 8.1.5.4
  • IBM Rational License Key Server Administration & Reporting Tool version 8.1.5.5
  • IBM Rational License Key Server Administration & Reporting Tool version 8.1.5.6

Remediation/Fixes

Upgrade to the IBM Rational License Key Server Administration & Reporting Tool version 8.1.6 (or later). It can be downloaded here.

Workarounds and Mitigations

None