Vulnerability Description
Malicious PATCH requests submitted to servers using Spring Data REST versions prior to 2.6.9 (Ingalls SR9), versions prior to 3.0.1 (Kay SR1) and Spring Boot versions prior to 1.5.9, 2.0 M6 can use specially crafted JSON data to run arbitrary Java code.
CVSS Score
CRITICAL
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| VMware | Spring Boot | < 1.5.9 |
| Pivotal Software | Spring Data REST | < 2.6.9 |
Related Weaknesses (CWE)
References
- http://www.securityfocus.com/bid/100948 (Third Party Advisory, VDB Entry)
- https://access.redhat.com/errata/RHSA-2018:2405
- https://pivotal.io/security/cve-2017-8046 (Vendor Advisory)
- https://www.exploit-db.com/exploits/44289/ (Third Party Advisory, VDB Entry)
FAQ
What is CVE-2017-8046?
CVE-2017-8046 is a vulnerability with a CVSS score of 9.8 (CRITICAL). Malicious PATCH requests submitted to servers using Spring Data REST versions prior to 2.6.9 (Ingalls SR9), versions prior to 3.0.1 (Kay SR1) and Spring Boot versions prior to 1.5.9, 2.0 M6 can use sp...
How severe is CVE-2017-8046?
CVE-2017-8046 has been rated CRITICAL with a CVSS base score of 9.8/10. This is considered a critical vulnerability requiring immediate attention.
Is there a patch for CVE-2017-8046?
Check the references section above for vendor advisories and patch information. Affected products include: VMware Spring Boot, Pivotal Software Spring Data REST.