CVE-2017-8046

Common vulnerabilities & exposures (CVE)

CVE database CVE database blogpost Release & EoL database

Published at: - 04-01-2018 07:29

Last modified: - 07-04-2022 05:03

Total changes: - 2

Description

Malicious PATCH requests submitted to servers using Spring Data REST versions prior to 2.6.9 (Ingalls SR9), versions prior to 3.0.1 (Kay SR1) and Spring Boot versions prior to 1.5.9, 2.0 M6 can use specially crafted JSON data to run arbitrary Java code.

Common Vulnerability Scoring System (CVSS)

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Low

Attack complexity

Network

Attack vector

High

Availability

High

Confidentiality

High

Integrity

None

Privileges required

Unchanged

Scope

None

User interaction

9.8

Base score

3.9

5.9

Exploitability score

Impact score

Verification logic

vendor=vmware AND product=spring_boot AND version=2.0.0 AND update=milestone2

vendor=vmware AND product=spring_boot AND version=2.0.0 AND update=milestone3

vendor=vmware AND product=spring_boot AND version=2.0.0 AND update=milestone4

vendor=vmware AND product=spring_boot AND version=2.0.0 AND update=milestone5

vendor=vmware AND product=spring_boot AND versionEndExcluding=1.5.9

vendor=vmware AND product=spring_boot AND version=2.0.0 AND update=milestone1

vendor=pivotal_software AND product=spring_data_rest AND versionEndExcluding=2.6.9

vendor=pivotal_software AND product=spring_data_rest AND version=3.0.0 AND update=m3

vendor=pivotal_software AND product=spring_data_rest AND version=3.0.0 AND update=m4

vendor=pivotal_software AND product=spring_data_rest AND version=3.0.0 AND update=rc2

vendor=pivotal_software AND product=spring_data_rest AND version=3.0.0 AND update=rc3

vendor=pivotal_software AND product=spring_data_rest AND version=3.0.0

vendor=pivotal_software AND product=spring_data_rest AND version=3.0.0 AND update=rc1

vendor=pivotal_software AND product=spring_data_rest AND version=3.0.0 AND update=m1

vendor=pivotal_software AND product=spring_data_rest AND version=3.0.0 AND update=m2

Reference

https://pivotal.io/security/cve-2017-8046
100948-Third Party Advisory, VDB Entry
44289-Third Party Advisory, VDB Entry
RHSA-2018:2405-

Keywords

CVE-2017-8046

Common vulnerabilities & exposures (CVE)

Description

Common Vulnerability Scoring System (CVSS)

Verification logic

Reference

NVD

CVE-2017-8046

CVE

Common vulnerabilities & exposures

CVSS

Common vulnerability scoring system

Security

Vulnerabilities

Exposures