FKIE_CVE-2017-8046

Vulnerability from fkie_nvd - Published: 2018-01-04 06:29 - Updated: 2024-11-21 03:33
Severity ?
9.8 (Critical) - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Summary
Malicious PATCH requests submitted to servers using Spring Data REST versions prior to 2.6.9 (Ingalls SR9), versions prior to 3.0.1 (Kay SR1) and Spring Boot versions prior to 1.5.9, 2.0 M6 can use specially crafted JSON data to run arbitrary Java code.
References
security_alert@emc.comhttp://www.securityfocus.com/bid/100948Third Party Advisory, VDB Entry
security_alert@emc.comhttps://access.redhat.com/errata/RHSA-2018:2405
security_alert@emc.comhttps://pivotal.io/security/cve-2017-8046Vendor Advisory
security_alert@emc.comhttps://www.exploit-db.com/exploits/44289/Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/bid/100948Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108https://access.redhat.com/errata/RHSA-2018:2405
af854a3a-2127-422b-91ae-364da2661108https://pivotal.io/security/cve-2017-8046Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108https://www.exploit-db.com/exploits/44289/Third Party Advisory, VDB Entry
Impacted products
Vendor Product Version
vmware spring_boot *
vmware spring_boot 2.0.0
vmware spring_boot 2.0.0
vmware spring_boot 2.0.0
vmware spring_boot 2.0.0
vmware spring_boot 2.0.0
pivotal_software spring_data_rest *
pivotal_software spring_data_rest 3.0.0
pivotal_software spring_data_rest 3.0.0
pivotal_software spring_data_rest 3.0.0
pivotal_software spring_data_rest 3.0.0
pivotal_software spring_data_rest 3.0.0
pivotal_software spring_data_rest 3.0.0
pivotal_software spring_data_rest 3.0.0
pivotal_software spring_data_rest 3.0.0
To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:vmware:spring_boot:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "2D178DD5-5C7C-4954-AE5C-7805EEE0869B",
              "versionEndExcluding": "1.5.9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:vmware:spring_boot:2.0.0:milestone1:*:*:*:*:*:*",
              "matchCriteriaId": "141F2C99-AD34-4003-81D4-689F3F1A53ED",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:vmware:spring_boot:2.0.0:milestone2:*:*:*:*:*:*",
              "matchCriteriaId": "D7929E66-FCA2-4D1B-B29F-55BF70AF70C2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:vmware:spring_boot:2.0.0:milestone3:*:*:*:*:*:*",
              "matchCriteriaId": "E6B93CDA-E5D9-4955-910A-22B38779F23C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:vmware:spring_boot:2.0.0:milestone4:*:*:*:*:*:*",
              "matchCriteriaId": "F324F68E-CF50-4F2E-90E4-3620CE05A944",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:vmware:spring_boot:2.0.0:milestone5:*:*:*:*:*:*",
              "matchCriteriaId": "C120785F-A827-4870-B33B-679367A9EB20",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:pivotal_software:spring_data_rest:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "D9D3B917-F9C9-417C-830E-475DBFB58D07",
              "versionEndExcluding": "2.6.9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pivotal_software:spring_data_rest:3.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "CB3CC672-C90E-40FD-890F-93C4F5338513",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pivotal_software:spring_data_rest:3.0.0:m1:*:*:*:*:*:*",
              "matchCriteriaId": "360B3EDD-18D5-44D7-A998-89F55DD9F5E5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pivotal_software:spring_data_rest:3.0.0:m2:*:*:*:*:*:*",
              "matchCriteriaId": "95140537-ECA9-4A68-BD05-AEE47C36DD94",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pivotal_software:spring_data_rest:3.0.0:m3:*:*:*:*:*:*",
              "matchCriteriaId": "47F7A32E-5F18-4651-842D-968FE380AA98",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pivotal_software:spring_data_rest:3.0.0:m4:*:*:*:*:*:*",
              "matchCriteriaId": "BCCDFF26-CF5B-44A6-8EDE-0A5353C669DA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pivotal_software:spring_data_rest:3.0.0:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "F1D52612-B862-4B71-A7CA-03A32CB3B0D9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pivotal_software:spring_data_rest:3.0.0:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "89BE7C06-D620-4AB2-8388-4A9CCC6C5A97",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pivotal_software:spring_data_rest:3.0.0:rc3:*:*:*:*:*:*",
              "matchCriteriaId": "7BC56E79-77CE-4AFA-AF93-1B9FADE9F3CB",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Malicious PATCH requests submitted to servers using Spring Data REST versions prior to 2.6.9 (Ingalls SR9), versions prior to 3.0.1 (Kay SR1) and Spring Boot versions prior to 1.5.9, 2.0 M6 can use specially crafted JSON data to run arbitrary Java code."
    },
    {
      "lang": "es",
      "value": "Las peticiones PATCH maliciosas enviadas a servidores que utilizan versiones Spring Data REST anteriores a la 2.6.9 (Ingalls SR9), versiones anteriores a la 3.0.1 (Kay SR1) y versiones Spring Boot anteriores a la 1.5.9, 2.0 M6 pueden utilizar datos JSON especialmente dise\u00f1ados para ejecutar c\u00f3digo Java arbitrario."
    }
  ],
  "id": "CVE-2017-8046",
  "lastModified": "2024-11-21T03:33:12.757",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 7.5,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 9.8,
          "baseSeverity": "CRITICAL",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.0"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2018-01-04T06:29:00.307",
  "references": [
    {
      "source": "security_alert@emc.com",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/100948"
    },
    {
      "source": "security_alert@emc.com",
      "url": "https://access.redhat.com/errata/RHSA-2018:2405"
    },
    {
      "source": "security_alert@emc.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://pivotal.io/security/cve-2017-8046"
    },
    {
      "source": "security_alert@emc.com",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "https://www.exploit-db.com/exploits/44289/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/100948"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://access.redhat.com/errata/RHSA-2018:2405"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://pivotal.io/security/cve-2017-8046"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "https://www.exploit-db.com/exploits/44289/"
    }
  ],
  "sourceIdentifier": "security_alert@emc.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-20"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.



Detection rules are retrieved from Rulezet.