CVE-2017-8046

NONE EPSS 99.4%
Published Jan 4, 2018 (8y ago) · Last Modified Jun 26, 2026 (4d ago)

Description

Malicious PATCH requests submitted to servers using Spring Data REST versions prior to 2.6.9 (Ingalls SR9), versions prior to 3.0.1 (Kay SR1) and Spring Boot versions prior to 1.5.9, 2.0 M6 can use specially crafted JSON data to run arbitrary Java code.

Threat Intelligence

EPSS Exploit Probability
99.4% percentile
Exploit & Patch Status
No Known Exploit
No Patch Available

Weaknesses 1

CWE-20 Improper Input Validation

Affected Products 15

Vendor            Product           Version  Range
vmware            spring_boot       *        <1.5.9
vmware            spring_boot       2.0.0    any
vmware            spring_boot       2.0.0    any
vmware            spring_boot       2.0.0    any
vmware            spring_boot       2.0.0    any
vmware            spring_boot       2.0.0    any
pivotal_software  spring_data_rest  3.0.0    any
pivotal_software  spring_data_rest  3.0.0    any
pivotal_software  spring_data_rest  3.0.0    any
pivotal_software  spring_data_rest  3.0.0    any
pivotal_software  spring_data_rest  3.0.0    any
vmware            spring_data_rest  *        <2.6.9
vmware            spring_data_rest  3.0.0    any
vmware            spring_data_rest  3.0.0    any
vmware            spring_data_rest  3.0.0    any

References 4

  • securityfocus.com http://www.securityfocus.com/bid/100948
    Third Party Advisory, VDB Entry
  • access.redhat.com https://access.redhat.com/errata/RHSA-2018:2405
  • pivotal.io https://pivotal.io/security/cve-2017-8046
    Vendor Advisory
  • exploit-db.com https://www.exploit-db.com/exploits/44289/
    Third Party Advisory, VDB Entry

Remediation

No remediation data recorded yet

Check vendor advisories and the NVD entry for patch availability.