GSD-2017-4971
Vulnerability from gsd - Updated: 2023-12-13 01:21Details
An issue was discovered in Pivotal Spring Web Flow through 2.4.4. Applications that do not change the value of the MvcViewFactoryCreator useSpringBinding property which is disabled by default (i.e., set to 'false') can be vulnerable to malicious EL expressions in view states that process form submissions but do not have a sub-element to declare explicit data binding property mappings.
Aliases
Aliases
{
"GSD": {
"alias": "CVE-2017-4971",
"description": "An issue was discovered in Pivotal Spring Web Flow through 2.4.4. Applications that do not change the value of the MvcViewFactoryCreator useSpringBinding property which is disabled by default (i.e., set to \u0027false\u0027) can be vulnerable to malicious EL expressions in view states that process form submissions but do not have a sub-element to declare explicit data binding property mappings.",
"id": "GSD-2017-4971"
},
"gsd": {
"metadata": {
"exploitCode": "unknown",
"remediation": "unknown",
"reportConfidence": "confirmed",
"type": "vulnerability"
},
"osvSchema": {
"aliases": [
"CVE-2017-4971"
],
"details": "An issue was discovered in Pivotal Spring Web Flow through 2.4.4. Applications that do not change the value of the MvcViewFactoryCreator useSpringBinding property which is disabled by default (i.e., set to \u0027false\u0027) can be vulnerable to malicious EL expressions in view states that process form submissions but do not have a sub-element to declare explicit data binding property mappings.",
"id": "GSD-2017-4971",
"modified": "2023-12-13T01:21:02.567718Z",
"schema_version": "1.4.0"
}
},
"namespaces": {
"cve.org": {
"CVE_data_meta": {
"ASSIGNER": "security_alert@emc.com",
"ID": "CVE-2017-4971",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Spring Web Flow",
"version": {
"version_data": [
{
"version_value": "Spring Web Flow"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An issue was discovered in Pivotal Spring Web Flow through 2.4.4. Applications that do not change the value of the MvcViewFactoryCreator useSpringBinding property which is disabled by default (i.e., set to \u0027false\u0027) can be vulnerable to malicious EL expressions in view states that process form submissions but do not have a sub-element to declare explicit data binding property mappings."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Data Binding Expression Vulnerability in Spring Web Flow"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "98785",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/98785"
},
{
"name": "https://pivotal.io/security/cve-2017-4971",
"refsource": "CONFIRM",
"url": "https://pivotal.io/security/cve-2017-4971"
},
{
"name": "https://jira.spring.io/browse/SWF-1700",
"refsource": "CONFIRM",
"url": "https://jira.spring.io/browse/SWF-1700"
}
]
}
},
"gitlab.com": {
"advisories": [
{
"affected_range": "[2.4.0,2.4.2],[2.4.4]",
"affected_versions": "All versions starting from 2.4.0 up to 2.4.2, version 2.4.4",
"cvss_v2": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"cvss_v3": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N",
"cwe_ids": [
"CWE-1035",
"CWE-1188",
"CWE-937"
],
"date": "2019-10-03",
"description": "Applications that do not change the value of the `MvcViewFactoryCreator` `useSpringBinding` property which is disabled by default (`i.e.`, set to `false`) can be vulnerable to malicious EL expressions in view states that process form submissions but do not have a sub-element to declare explicit data binding property mappings.",
"fixed_versions": [
"2.4.5.RELEASE"
],
"identifier": "CVE-2017-4971",
"identifiers": [
"CVE-2017-4971"
],
"not_impacted": "All versions before 2.4.0, all versions after 2.4.2 before 2.4.4, all versions after 2.4.4",
"package_slug": "maven/org.springframework.webflow/spring-webflow",
"pubdate": "2017-06-13",
"solution": "Upgrade to version 2.4.5.RELEASE or above.",
"title": "Data Binding Expression Vulnerability",
"urls": [
"https://nvd.nist.gov/vuln/detail/CVE-2017-4971",
"http://www.securityfocus.com/bid/98785",
"https://jira.spring.io/browse/SWF-1700",
"https://pivotal.io/security/cve-2017-4971",
"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-4971"
],
"uuid": "97067195-961a-48dc-bf3f-733883805306"
}
]
},
"nvd.nist.gov": {
"configurations": {
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:pivotal:spring_web_flow:2.4.4:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:pivotal:spring_web_flow:2.4.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:pivotal:spring_web_flow:2.4.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:pivotal:spring_web_flow:2.4.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
]
},
"cve": {
"CVE_data_meta": {
"ASSIGNER": "secure@dell.com",
"ID": "CVE-2017-4971"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "en",
"value": "An issue was discovered in Pivotal Spring Web Flow through 2.4.4. Applications that do not change the value of the MvcViewFactoryCreator useSpringBinding property which is disabled by default (i.e., set to \u0027false\u0027) can be vulnerable to malicious EL expressions in view states that process form submissions but do not have a sub-element to declare explicit data binding property mappings."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "en",
"value": "CWE-1188"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://pivotal.io/security/cve-2017-4971",
"refsource": "CONFIRM",
"tags": [
"Mitigation",
"Patch",
"Vendor Advisory"
],
"url": "https://pivotal.io/security/cve-2017-4971"
},
{
"name": "https://jira.spring.io/browse/SWF-1700",
"refsource": "CONFIRM",
"tags": [
"Issue Tracking",
"Patch"
],
"url": "https://jira.spring.io/browse/SWF-1700"
},
{
"name": "98785",
"refsource": "BID",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/98785"
}
]
}
},
"impact": {
"baseMetricV2": {
"cvssV2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"userInteractionRequired": false
},
"baseMetricV3": {
"cvssV3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.0"
},
"exploitabilityScore": 2.2,
"impactScore": 3.6
}
},
"lastModifiedDate": "2019-10-03T00:03Z",
"publishedDate": "2017-06-13T06:29Z"
}
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…