All the vulnerabilites related to Pivotal - Pivotal Spring Data REST and Spring Boot
cve-2017-8046
Vulnerability from cvelistv5
Published
2018-01-04 06:00
Modified
2024-08-05 16:19
Severity ?
EPSS score ?
Summary
Malicious PATCH requests submitted to servers using Spring Data REST versions prior to 2.6.9 (Ingalls SR9), versions prior to 3.0.1 (Kay SR1) and Spring Boot versions prior to 1.5.9, 2.0 M6 can use specially crafted JSON data to run arbitrary Java code.
References
▼ | URL | Tags |
---|---|---|
https://pivotal.io/security/cve-2017-8046 | x_refsource_CONFIRM | |
https://access.redhat.com/errata/RHSA-2018:2405 | vendor-advisory, x_refsource_REDHAT | |
http://www.securityfocus.com/bid/100948 | vdb-entry, x_refsource_BID | |
https://www.exploit-db.com/exploits/44289/ | exploit, x_refsource_EXPLOIT-DB |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Pivotal | Pivotal Spring Data REST and Spring Boot |
Version: Pivotal Spring Data REST versions prior to 2.6.9 (Ingalls SR9), 3.0.1 (Kay SR1) and Spring Boot versions prior to 1.5.9, 2.0 M6 |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T16:19:29.628Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://pivotal.io/security/cve-2017-8046" }, { "name": "RHSA-2018:2405", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2018:2405" }, { "name": "100948", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/100948" }, { "name": "44289", "tags": [ "exploit", "x_refsource_EXPLOIT-DB", "x_transferred" ], "url": "https://www.exploit-db.com/exploits/44289/" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Pivotal Spring Data REST and Spring Boot", "vendor": "Pivotal", "versions": [ { "status": "affected", "version": "Pivotal Spring Data REST versions prior to 2.6.9 (Ingalls SR9), 3.0.1 (Kay SR1) and Spring Boot versions prior to 1.5.9, 2.0 M6" } ] } ], "datePublic": "2018-01-04T00:00:00", "descriptions": [ { "lang": "en", "value": "Malicious PATCH requests submitted to servers using Spring Data REST versions prior to 2.6.9 (Ingalls SR9), versions prior to 3.0.1 (Kay SR1) and Spring Boot versions prior to 1.5.9, 2.0 M6 can use specially crafted JSON data to run arbitrary Java code." } ], "problemTypes": [ { "descriptions": [ { "description": "run arbitrary Java code", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-08-15T09:57:01", "orgId": "c550e75a-17ff-4988-97f0-544cde3820fe", "shortName": "dell" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://pivotal.io/security/cve-2017-8046" }, { "name": "RHSA-2018:2405", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2018:2405" }, { "name": "100948", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/100948" }, { "name": "44289", "tags": [ "exploit", "x_refsource_EXPLOIT-DB" ], "url": "https://www.exploit-db.com/exploits/44289/" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security_alert@emc.com", "ID": "CVE-2017-8046", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Pivotal Spring Data REST and Spring Boot", "version": { "version_data": [ { "version_value": "Pivotal Spring Data REST versions prior to 2.6.9 (Ingalls SR9), 3.0.1 (Kay SR1) and Spring Boot versions prior to 1.5.9, 2.0 M6" } ] } } ] }, "vendor_name": "Pivotal" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Malicious PATCH requests submitted to servers using Spring Data REST versions prior to 2.6.9 (Ingalls SR9), versions prior to 3.0.1 (Kay SR1) and Spring Boot versions prior to 1.5.9, 2.0 M6 can use specially crafted JSON data to run arbitrary Java code." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "run arbitrary Java code" } ] } ] }, "references": { "reference_data": [ { "name": "https://pivotal.io/security/cve-2017-8046", "refsource": "CONFIRM", "url": "https://pivotal.io/security/cve-2017-8046" }, { "name": "RHSA-2018:2405", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2018:2405" }, { "name": "100948", "refsource": "BID", "url": "http://www.securityfocus.com/bid/100948" }, { "name": "44289", "refsource": "EXPLOIT-DB", "url": "https://www.exploit-db.com/exploits/44289/" } ] } } } }, "cveMetadata": { "assignerOrgId": "c550e75a-17ff-4988-97f0-544cde3820fe", "assignerShortName": "dell", "cveId": "CVE-2017-8046", "datePublished": "2018-01-04T06:00:00", "dateReserved": "2017-04-21T00:00:00", "dateUpdated": "2024-08-05T16:19:29.628Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }