CVE-2018-1274
Denial of Service vulnerability in spring-data-commons (Maven)
What is CVE-2018-1274 About?
Spring Data Commons contains a property path parser vulnerability that can lead to a Denial of Service (DoS) due to unlimited resource allocation. An unauthenticated remote attacker can exploit this by issuing specially crafted requests to Spring Data REST endpoints. This vulnerability is moderately easy to exploit, as it relies on specific request patterns.
Affected Software
- org.springframework.data:spring-data-commons
  - <1.13.11
  - >2.0.0, <2.0.6
Technical Details
The Denial of Service vulnerability in Spring Data Commons stems from a flaw in its property path parser, which lacks proper resource allocation limits. When processing requests against Spring Data REST endpoints or any endpoint utilizing property path parsing, specially crafted malicious requests can trigger the parser to consume excessive CPU and memory resources. This unlimited resource allocation eventually leads to resource exhaustion, causing the application to become unresponsive and resulting in a denial of service for legitimate users. The vulnerability is triggered by the structure of the property path within the request, which can force the parser into an inefficient or recursive processing state.
What is the Impact of CVE-2018-1274?
Successful exploitation may allow attackers to consume excessive system resources, leading to a denial of service and disrupting the availability of the application.
What is the Exploitability of CVE-2018-1274?
Exploitation for this Denial of Service vulnerability is of moderate complexity. It can be performed by an unauthenticated remote attacker. There are no authentication or privilege prerequisites needed to trigger the resource exhaustion. The attack vector is remote, targeting Spring Data REST endpoints or other endpoints that use property path parsing. The primary prerequisite is that the application uses an affected version of Spring Data Commons and exposes such endpoints. Risk factors that increase the likelihood of exploitation include publicly exposed Spring Data REST endpoints and a lack of request rate limits or resource monitoring on the server, which would make it easier for an attacker to initiate and sustain the resource consumption.
What are the Known Public Exploits?
| PoC Author | Link | Commentary |
|---|---|---|
| No known exploits | | |
What are the Available Fixes for CVE-2018-1274?
Available Upgrade Options
- org.springframework.data:spring-data-commons
  - <1.13.11 → Upgrade to 1.13.11
- org.springframework.data:spring-data-commons
  - >2.0.0, <2.0.6 → Upgrade to 2.0.6
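To check a build against the ranges above, the following added example (not code from this page or from the Spring project) scans `mvn dependency:list` output for affected spring-data-commons versions and reports the upgrade target. The sample lines are constructed, and the version parser assumes numeric versions with an optional qualifier such as `.RELEASE`.

```python
import re

# Affected ranges and fixed versions exactly as listed on this page:
# (exclusive lower bound or None, first fixed version).
AFFECTED = [(None, (1, 13, 11)), ((2, 0, 0), (2, 0, 6))]
COORD = re.compile(r"org\.springframework\.data:spring-data-commons:(\S+)")

def parse_version(text):
    """Leading numeric part as a 3-tuple; qualifiers like .RELEASE are ignored."""
    m = re.match(r"\d+(?:\.\d+)*", text)
    if not m:
        raise ValueError(f"unparseable version: {text!r}")  # fail loudly, never skip
    parts = [int(p) for p in m.group().split(".")][:3]
    return tuple(parts + [0] * (3 - len(parts)))

def fix_for(version_text):
    """Return the version to upgrade to, or None if outside the affected ranges."""
    v = parse_version(version_text)
    for low, fixed in AFFECTED:
        if (low is None or v > low) and v < fixed:
            return ".".join(map(str, fixed))
    return None

def scan(lines):
    """Return [(found_version, fixed_version)] for affected entries."""
    findings = []
    for line in lines:
        m = COORD.search(line)
        if not m:
            continue
        fields = m.group(1).split(":")  # type[:classifier]:version:scope
        if len(fields) < 3:
            continue
        fixed = fix_for(fields[-2])
        if fixed:
            findings.append((fields[-2], fixed))
    return findings

# Constructed sample of `mvn dependency:list` output.
SAMPLE = """\
[INFO] The following files have been resolved:
[INFO]    org.springframework.data:spring-data-commons:jar:1.13.10.RELEASE:compile
[INFO]    org.springframework:spring-core:jar:4.3.14.RELEASE:compile
[INFO]    org.springframework.data:spring-data-commons:jar:2.0.6.RELEASE:compile
[INFO]    org.springframework.data:spring-data-commons:jar:2.0.5.RELEASE:runtime
"""

if __name__ == "__main__":
    for found, fixed in scan(SAMPLE.splitlines()):
        print(f"spring-data-commons {found} is affected; upgrade to {fixed}")
```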
Additional Resources
- https://github.com/spring-projects/spring-data-commons/commit/3d8576fe4e4e71c23b9e6796b32fd56e51182ee
- https://pivotal.io/security/cve-2018-1274
- https://www.oracle.com/security-alerts/cpujul2022.html
- https://github.com/spring-projects/spring-data-commons/commit/371f6590c509c72f8e600f3d05e110941607fba
- https://github.com/advisories/GHSA-5q8m-mqmx-pxp9
- http://www.securityfocus.com/bid/103769
- https://nvd.nist.gov/vuln/detail/CVE-2018-1274
What are Similar Vulnerabilities to CVE-2018-1274?
Similar Vulnerabilities: CVE-2017-8046, CVE-2018-1271, CVE-2018-1273, CVE-2019-11267, CVE-2020-5407
