Vulnerability-Lookup

CNVD-2017-35131

Vulnerability from cnvd - Published: 2017-11-27

Title

Pivotal Spring Web Flow不完整修复安全绕过漏洞

Description

Pivotal Spring Web Flow是美国Pivotal Software公司的一款Web应用程序，可提供登机手续办理、贷款申请或购物车结算等导航。 Pivotal Spring Web Flow存在不完整修复安全绕过漏洞。攻击者可以利用此问题绕过安全限制并执行未经授权的操作。

Severity

中

Patch Name

Pivotal Spring Web Flow不完整修复安全绕过漏洞的补丁

Patch Description

Pivotal Spring Web Flow是美国Pivotal Software公司的一款Web应用程序，可提供登机手续办理、贷款申请或购物车结算等导航。 Pivotal Spring Web Flow存在不完整修复安全绕过漏洞。攻击者可以利用此问题绕过安全限制并执行未经授权的操作。目前，供应商发布了安全公告及相关补丁信息，修复了此漏洞。

Formal description

用户可联系供应商获得补丁信息： https://pivotal.io/

Reference

http://www.securityfocus.com/bid/100849/

Impacted products

Name
['Pivotal Spring Web Flow 2.4.5', 'Pivotal Spring Web Flow 2.4.4', 'Pivotal Spring Web Flow 2.4.3', 'Pivotal Spring Web Flow 2.4.2', 'Pivotal Spring Web Flow 2.4.1', 'Pivotal Spring Web Flow 2.4']

Show details on source website

JSON

To clipboard

{
  "bids": {
    "bid": {
      "bidNumber": "100849"
    }
  },
  "cves": {
    "cve": {
      "cveNumber": "CVE-2017-8039"
    }
  },
  "description": "Pivotal Spring Web Flow\u662f\u7f8e\u56fdPivotal Software\u516c\u53f8\u7684\u4e00\u6b3eWeb\u5e94\u7528\u7a0b\u5e8f\uff0c\u53ef\u63d0\u4f9b\u767b\u673a\u624b\u7eed\u529e\u7406\u3001\u8d37\u6b3e\u7533\u8bf7\u6216\u8d2d\u7269\u8f66\u7ed3\u7b97\u7b49\u5bfc\u822a\u3002 \r\n\r\nPivotal Spring Web Flow\u5b58\u5728\u4e0d\u5b8c\u6574\u4fee\u590d\u5b89\u5168\u7ed5\u8fc7\u6f0f\u6d1e\u3002\u653b\u51fb\u8005\u53ef\u4ee5\u5229\u7528\u6b64\u95ee\u9898\u7ed5\u8fc7\u5b89\u5168\u9650\u5236\u5e76\u6267\u884c\u672a\u7ecf\u6388\u6743\u7684\u64cd\u4f5c\u3002",
  "discovererName": "he1renyagao",
  "formalWay": "\u7528\u6237\u53ef\u8054\u7cfb\u4f9b\u5e94\u5546\u83b7\u5f97\u8865\u4e01\u4fe1\u606f\uff1a\r\nhttps://pivotal.io/",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2017-35131",
  "openTime": "2017-11-27",
  "patchDescription": "Pivotal Spring Web Flow\u662f\u7f8e\u56fdPivotal Software\u516c\u53f8\u7684\u4e00\u6b3eWeb\u5e94\u7528\u7a0b\u5e8f\uff0c\u53ef\u63d0\u4f9b\u767b\u673a\u624b\u7eed\u529e\u7406\u3001\u8d37\u6b3e\u7533\u8bf7\u6216\u8d2d\u7269\u8f66\u7ed3\u7b97\u7b49\u5bfc\u822a\u3002 \r\n\r\nPivotal Spring Web Flow\u5b58\u5728\u4e0d\u5b8c\u6574\u4fee\u590d\u5b89\u5168\u7ed5\u8fc7\u6f0f\u6d1e\u3002\u653b\u51fb\u8005\u53ef\u4ee5\u5229\u7528\u6b64\u95ee\u9898\u7ed5\u8fc7\u5b89\u5168\u9650\u5236\u5e76\u6267\u884c\u672a\u7ecf\u6388\u6743\u7684\u64cd\u4f5c\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "Pivotal Spring Web Flow\u4e0d\u5b8c\u6574\u4fee\u590d\u5b89\u5168\u7ed5\u8fc7\u6f0f\u6d1e\u7684\u8865\u4e01",
  "products": {
    "product": [
      "Pivotal Spring Web Flow 2.4.5",
      "Pivotal Spring Web Flow 2.4.4",
      "Pivotal Spring Web Flow 2.4.3",
      "Pivotal Spring Web Flow 2.4.2",
      "Pivotal Spring Web Flow 2.4.1",
      "Pivotal Spring Web Flow 2.4"
    ]
  },
  "referenceLink": "http://www.securityfocus.com/bid/100849/",
  "serverity": "\u4e2d",
  "submitTime": "2017-10-20",
  "title": "Pivotal Spring Web Flow\u4e0d\u5b8c\u6574\u4fee\u590d\u5b89\u5168\u7ed5\u8fc7\u6f0f\u6d1e"
}

CVE-2017-8039 (GCVE-0-2017-8039)

Vulnerability from cvelistv5 – Published: 2017-11-27 10:00 – Updated: 2024-08-05 16:19

Summary

An issue was discovered in Pivotal Spring Web Flow through 2.4.5. Applications that do not change the value of the MvcViewFactoryCreator useSpringBinding property which is disabled by default (i.e., set to 'false') can be vulnerable to malicious EL expressions in view states that process form submissions but do not have a sub-element to declare explicit data binding property mappings. NOTE: this issue exists because of an incomplete fix for CVE-2017-4971.

Severity ?

No CVSS data available.

CWE

Data Binding Expression Vulnerability

Assigner

dell

References

URL

Tags

	https://pivotal.io/security/cve-2017-8039	x_refsource_CONFIRM
	http://www.securityfocus.com/bid/100849	vdb-entryx_refsource_BID

Impacted products

	Vendor	Product	Version
	n/a	Spring Web Flow Spring Web Flow 2.4.0 to 2.4.5 and Older unsupported versions are also affected	Affected: Spring Web Flow Spring Web Flow 2.4.0 to 2.4.5 and Older unsupported versions are also affected

Date Public ?

2017-11-27 00:00

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T16:19:29.618Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://pivotal.io/security/cve-2017-8039"
          },
          {
            "name": "100849",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/100849"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Spring Web Flow Spring Web Flow 2.4.0 to 2.4.5 and Older unsupported versions are also affected",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "Spring Web Flow Spring Web Flow 2.4.0 to 2.4.5 and Older unsupported versions are also affected"
            }
          ]
        }
      ],
      "datePublic": "2017-11-27T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "An issue was discovered in Pivotal Spring Web Flow through 2.4.5. Applications that do not change the value of the MvcViewFactoryCreator useSpringBinding property which is disabled by default (i.e., set to \u0027false\u0027) can be vulnerable to malicious EL expressions in view states that process form submissions but do not have a sub-element to declare explicit data binding property mappings. NOTE: this issue exists because of an incomplete fix for CVE-2017-4971."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Data Binding Expression Vulnerability",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-11-27T10:57:02.000Z",
        "orgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
        "shortName": "dell"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://pivotal.io/security/cve-2017-8039"
        },
        {
          "name": "100849",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/100849"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "security_alert@emc.com",
          "ID": "CVE-2017-8039",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Spring Web Flow Spring Web Flow 2.4.0 to 2.4.5 and Older unsupported versions are also affected",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "Spring Web Flow Spring Web Flow 2.4.0 to 2.4.5 and Older unsupported versions are also affected"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "An issue was discovered in Pivotal Spring Web Flow through 2.4.5. Applications that do not change the value of the MvcViewFactoryCreator useSpringBinding property which is disabled by default (i.e., set to \u0027false\u0027) can be vulnerable to malicious EL expressions in view states that process form submissions but do not have a sub-element to declare explicit data binding property mappings. NOTE: this issue exists because of an incomplete fix for CVE-2017-4971."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Data Binding Expression Vulnerability"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://pivotal.io/security/cve-2017-8039",
              "refsource": "CONFIRM",
              "url": "https://pivotal.io/security/cve-2017-8039"
            },
            {
              "name": "100849",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/100849"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
    "assignerShortName": "dell",
    "cveId": "CVE-2017-8039",
    "datePublished": "2017-11-27T10:00:00.000Z",
    "dateReserved": "2017-04-21T00:00:00.000Z",
    "dateUpdated": "2024-08-05T16:19:29.618Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CNVD-2017-35131

CVE-2017-8039 (GCVE-0-2017-8039)

Tags

Sightings

Nomenclature