Get ahead
VMware offers training and certification to turbo-charge your progress.
Learn moreApplications that parse ETags from "If-Match" or "If-None-Match" request headers are vulnerable to DoS attack.
Spring Framework
Affected version(s) | Fix version | Availability |
---|---|---|
6.1.x | 6.1.12 | OSS |
6.0.x | 6.0.23 | OSS |
5.3.x | 5.3.38 | OSS |
No other mitigation steps are necessary.
Users of older, unsupported versions could enforce a size limit on "If-Match" and "If-None-Match" headers, e.g. through a Filter
.
This issue was responsibly reported by Seokchan Yoon.
To report a security vulnerability for a project within the Spring portfolio, see the Security Policy