All the vulnerabilites related to Pivotal - Pivotal Spring Data REST and Spring Boot
cve-2017-8046
Vulnerability from cvelistv5
Published
2018-01-04 06:00
Modified
2024-08-05 16:19
Severity ?
Summary
Malicious PATCH requests submitted to servers using Spring Data REST versions prior to 2.6.9 (Ingalls SR9), versions prior to 3.0.1 (Kay SR1) and Spring Boot versions prior to 1.5.9, 2.0 M6 can use specially crafted JSON data to run arbitrary Java code.
References
https://pivotal.io/security/cve-2017-8046x_refsource_CONFIRM
https://access.redhat.com/errata/RHSA-2018:2405vendor-advisory, x_refsource_REDHAT
http://www.securityfocus.com/bid/100948vdb-entry, x_refsource_BID
https://www.exploit-db.com/exploits/44289/exploit, x_refsource_EXPLOIT-DB
Impacted products
Vendor Product Version
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T16:19:29.628Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://pivotal.io/security/cve-2017-8046"
          },
          {
            "name": "RHSA-2018:2405",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2018:2405"
          },
          {
            "name": "100948",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/100948"
          },
          {
            "name": "44289",
            "tags": [
              "exploit",
              "x_refsource_EXPLOIT-DB",
              "x_transferred"
            ],
            "url": "https://www.exploit-db.com/exploits/44289/"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Pivotal Spring Data REST and Spring Boot",
          "vendor": "Pivotal",
          "versions": [
            {
              "status": "affected",
              "version": "Pivotal Spring Data REST versions prior to 2.6.9 (Ingalls SR9), 3.0.1 (Kay SR1) and Spring Boot versions prior to 1.5.9, 2.0 M6"
            }
          ]
        }
      ],
      "datePublic": "2018-01-04T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Malicious PATCH requests submitted to servers using Spring Data REST versions prior to 2.6.9 (Ingalls SR9), versions prior to 3.0.1 (Kay SR1) and Spring Boot versions prior to 1.5.9, 2.0 M6 can use specially crafted JSON data to run arbitrary Java code."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "run arbitrary Java code",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-08-15T09:57:01",
        "orgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
        "shortName": "dell"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://pivotal.io/security/cve-2017-8046"
        },
        {
          "name": "RHSA-2018:2405",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2018:2405"
        },
        {
          "name": "100948",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/100948"
        },
        {
          "name": "44289",
          "tags": [
            "exploit",
            "x_refsource_EXPLOIT-DB"
          ],
          "url": "https://www.exploit-db.com/exploits/44289/"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "security_alert@emc.com",
          "ID": "CVE-2017-8046",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Pivotal Spring Data REST and Spring Boot",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "Pivotal Spring Data REST versions prior to 2.6.9 (Ingalls SR9), 3.0.1 (Kay SR1) and Spring Boot versions prior to 1.5.9, 2.0 M6"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Pivotal"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Malicious PATCH requests submitted to servers using Spring Data REST versions prior to 2.6.9 (Ingalls SR9), versions prior to 3.0.1 (Kay SR1) and Spring Boot versions prior to 1.5.9, 2.0 M6 can use specially crafted JSON data to run arbitrary Java code."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "run arbitrary Java code"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://pivotal.io/security/cve-2017-8046",
              "refsource": "CONFIRM",
              "url": "https://pivotal.io/security/cve-2017-8046"
            },
            {
              "name": "RHSA-2018:2405",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2018:2405"
            },
            {
              "name": "100948",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/100948"
            },
            {
              "name": "44289",
              "refsource": "EXPLOIT-DB",
              "url": "https://www.exploit-db.com/exploits/44289/"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
    "assignerShortName": "dell",
    "cveId": "CVE-2017-8046",
    "datePublished": "2018-01-04T06:00:00",
    "dateReserved": "2017-04-21T00:00:00",
    "dateUpdated": "2024-08-05T16:19:29.628Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}