Vulnerability-Lookup

CNVD-2017-09167

Vulnerability from cnvd - Published: 2017-06-12

Title

Pivotal Spring Web Flow远程代码执行漏洞

Description

Pivotal Spring Web Flow是美国Pivotal Software公司的一款Web应用程序，可提供登机手续办理、贷款申请或购物车结算等导航。 Pivotal Spring Web Flow 2.4.0至2.4.4版本中存在远程代码执行漏洞。由于在的数据绑定上未能指定相关的具体属性，从而导致恶意的表达式可以通过表单提交并且被执行，攻击者可利用漏洞执行任意代码。

Severity

中

Patch Name

Pivotal Spring Web Flow远程代码执行漏洞的补丁

Patch Description

Formal description

目前厂商已发布升级补丁以修复漏洞，补丁获取链接： https://pivotal.io/security/cve-2017-4971

Reference

http://www.securityfocus.com/bid/98785

Impacted products

Name
['Pivotal Software Spring Web Flow 2.4.4', 'Pivotal Software Spring Web Flow 2.4.3', 'Pivotal Software Spring Web Flow 2.4.2', 'Pivotal Software Spring Web Flow 2.4.1', 'Pivotal Software Spring Web Flow 2.4']

Show details on source website

JSON

To clipboard

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2017-4971"
    }
  },
  "description": "Pivotal Spring Web Flow\u662f\u7f8e\u56fdPivotal Software\u516c\u53f8\u7684\u4e00\u6b3eWeb\u5e94\u7528\u7a0b\u5e8f\uff0c\u53ef\u63d0\u4f9b\u767b\u673a\u624b\u7eed\u529e\u7406\u3001\u8d37\u6b3e\u7533\u8bf7\u6216\u8d2d\u7269\u8f66\u7ed3\u7b97\u7b49\u5bfc\u822a\u3002\r\n\r\nPivotal Spring Web Flow 2.4.0\u81f32.4.4\u7248\u672c\u4e2d\u5b58\u5728\u8fdc\u7a0b\u4ee3\u7801\u6267\u884c\u6f0f\u6d1e\u3002\u7531\u4e8e\u5728\u7684\u6570\u636e\u7ed1\u5b9a\u4e0a\u672a\u80fd\u6307\u5b9a\u76f8\u5173\u7684\u5177\u4f53\u5c5e\u6027\uff0c\u4ece\u800c\u5bfc\u81f4\u6076\u610f\u7684\u8868\u8fbe\u5f0f\u53ef\u4ee5\u901a\u8fc7\u8868\u5355\u63d0\u4ea4\u5e76\u4e14\u88ab\u6267\u884c\uff0c\u653b\u51fb\u8005\u53ef\u5229\u7528\u6f0f\u6d1e\u6267\u884c\u4efb\u610f\u4ee3\u7801\u3002",
  "discovererName": "Stefano Ciccone of Gotham Digital Science.",
  "formalWay": "\u76ee\u524d\u5382\u5546\u5df2\u53d1\u5e03\u5347\u7ea7\u8865\u4e01\u4ee5\u4fee\u590d\u6f0f\u6d1e\uff0c\u8865\u4e01\u83b7\u53d6\u94fe\u63a5\uff1a\r\nhttps://pivotal.io/security/cve-2017-4971",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2017-09167",
  "openTime": "2017-06-12",
  "patchDescription": "Pivotal Spring Web Flow\u662f\u7f8e\u56fdPivotal Software\u516c\u53f8\u7684\u4e00\u6b3eWeb\u5e94\u7528\u7a0b\u5e8f\uff0c\u53ef\u63d0\u4f9b\u767b\u673a\u624b\u7eed\u529e\u7406\u3001\u8d37\u6b3e\u7533\u8bf7\u6216\u8d2d\u7269\u8f66\u7ed3\u7b97\u7b49\u5bfc\u822a\u3002\r\n\r\nPivotal Spring Web Flow 2.4.0\u81f32.4.4\u7248\u672c\u4e2d\u5b58\u5728\u8fdc\u7a0b\u4ee3\u7801\u6267\u884c\u6f0f\u6d1e\u3002\u7531\u4e8e\u5728\u7684\u6570\u636e\u7ed1\u5b9a\u4e0a\u672a\u80fd\u6307\u5b9a\u76f8\u5173\u7684\u5177\u4f53\u5c5e\u6027\uff0c\u4ece\u800c\u5bfc\u81f4\u6076\u610f\u7684\u8868\u8fbe\u5f0f\u53ef\u4ee5\u901a\u8fc7\u8868\u5355\u63d0\u4ea4\u5e76\u4e14\u88ab\u6267\u884c\uff0c\u653b\u51fb\u8005\u53ef\u5229\u7528\u6f0f\u6d1e\u6267\u884c\u4efb\u610f\u4ee3\u7801\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "Pivotal Spring Web Flow\u8fdc\u7a0b\u4ee3\u7801\u6267\u884c\u6f0f\u6d1e\u7684\u8865\u4e01",
  "products": {
    "product": [
      "Pivotal Software Spring Web Flow 2.4.4",
      "Pivotal Software Spring Web Flow 2.4.3",
      "Pivotal Software Spring Web Flow 2.4.2",
      "Pivotal Software Spring Web Flow 2.4.1",
      "Pivotal Software Spring Web Flow 2.4"
    ]
  },
  "referenceLink": "http://www.securityfocus.com/bid/98785",
  "serverity": "\u4e2d",
  "submitTime": "2017-06-08",
  "title": "Pivotal Spring Web Flow\u8fdc\u7a0b\u4ee3\u7801\u6267\u884c\u6f0f\u6d1e"
}

CVE-2017-4971 (GCVE-0-2017-4971)

Vulnerability from cvelistv5 – Published: 2017-06-13 06:00 – Updated: 2024-08-05 14:47

Summary

An issue was discovered in Pivotal Spring Web Flow through 2.4.4. Applications that do not change the value of the MvcViewFactoryCreator useSpringBinding property which is disabled by default (i.e., set to 'false') can be vulnerable to malicious EL expressions in view states that process form submissions but do not have a sub-element to declare explicit data binding property mappings.

Severity ?

No CVSS data available.

CWE

Data Binding Expression Vulnerability in Spring Web Flow

Assigner

dell

References

URL

Tags

	http://www.securityfocus.com/bid/98785	vdb-entryx_refsource_BID
	https://pivotal.io/security/cve-2017-4971	x_refsource_CONFIRM
	https://jira.spring.io/browse/SWF-1700	x_refsource_CONFIRM

Impacted products

	Vendor	Product	Version
	n/a	Spring Web Flow	Affected: Spring Web Flow

Date Public ?

2017-06-12 00:00

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T14:47:44.336Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "98785",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/98785"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://pivotal.io/security/cve-2017-4971"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://jira.spring.io/browse/SWF-1700"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Spring Web Flow",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "Spring Web Flow"
            }
          ]
        }
      ],
      "datePublic": "2017-06-12T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "An issue was discovered in Pivotal Spring Web Flow through 2.4.4. Applications that do not change the value of the MvcViewFactoryCreator useSpringBinding property which is disabled by default (i.e., set to \u0027false\u0027) can be vulnerable to malicious EL expressions in view states that process form submissions but do not have a sub-element to declare explicit data binding property mappings."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Data Binding Expression Vulnerability in Spring Web Flow",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-06-13T09:57:01.000Z",
        "orgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
        "shortName": "dell"
      },
      "references": [
        {
          "name": "98785",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/98785"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://pivotal.io/security/cve-2017-4971"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://jira.spring.io/browse/SWF-1700"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "security_alert@emc.com",
          "ID": "CVE-2017-4971",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Spring Web Flow",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "Spring Web Flow"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "An issue was discovered in Pivotal Spring Web Flow through 2.4.4. Applications that do not change the value of the MvcViewFactoryCreator useSpringBinding property which is disabled by default (i.e., set to \u0027false\u0027) can be vulnerable to malicious EL expressions in view states that process form submissions but do not have a sub-element to declare explicit data binding property mappings."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Data Binding Expression Vulnerability in Spring Web Flow"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "98785",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/98785"
            },
            {
              "name": "https://pivotal.io/security/cve-2017-4971",
              "refsource": "CONFIRM",
              "url": "https://pivotal.io/security/cve-2017-4971"
            },
            {
              "name": "https://jira.spring.io/browse/SWF-1700",
              "refsource": "CONFIRM",
              "url": "https://jira.spring.io/browse/SWF-1700"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
    "assignerShortName": "dell",
    "cveId": "CVE-2017-4971",
    "datePublished": "2017-06-13T06:00:00.000Z",
    "dateReserved": "2016-12-29T00:00:00.000Z",
    "dateUpdated": "2024-08-05T14:47:44.336Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CNVD-2017-09167

CVE-2017-4971 (GCVE-0-2017-4971)

Tags

Sightings

Nomenclature