CVE-2017-8046
NONE EPSS 99.4%
Published Jan 4, 2018 (8y ago)
Last Modified Jun 26, 2026 (4d ago)
Description
Malicious PATCH requests submitted to servers using Spring Data REST versions prior to 2.6.9 (Ingalls SR9), versions prior to 3.0.1 (Kay SR1) and Spring Boot versions prior to 1.5.9, 2.0 M6 can use specially crafted JSON data to run arbitrary Java code.
Threat Intelligence
EPSS Exploit Probability
99.4% percentile
Exploit & Patch Status
No Known Exploit
No Patch Available
Weaknesses 1
CWE-20 Improper Input Validation
Affected Products 15
| Vendor | Product | Version | Range |
|---|---|---|---|
| vmware | spring_boot | * | <1.5.9 |
| vmware | spring_boot | 2.0.0 | any |
| vmware | spring_boot | 2.0.0 | any |
| vmware | spring_boot | 2.0.0 | any |
| vmware | spring_boot | 2.0.0 | any |
| vmware | spring_boot | 2.0.0 | any |
| pivotal_software | spring_data_rest | 3.0.0 | any |
| pivotal_software | spring_data_rest | 3.0.0 | any |
| pivotal_software | spring_data_rest | 3.0.0 | any |
| pivotal_software | spring_data_rest | 3.0.0 | any |
| pivotal_software | spring_data_rest | 3.0.0 | any |
| vmware | spring_data_rest | * | <2.6.9 |
| vmware | spring_data_rest | 3.0.0 | any |
| vmware | spring_data_rest | 3.0.0 | any |
| vmware | spring_data_rest | 3.0.0 | any |
References 4
- securityfocus.com http://www.securityfocus.com/bid/100948
- access.redhat.com https://access.redhat.com/errata/RHSA-2018:2405
- pivotal.io https://pivotal.io/security/cve-2017-8046
- exploit-db.com https://www.exploit-db.com/exploits/44289/
Remediation
No remediation data recorded yet
Check vendor advisories and the NVD entry for patch availability.