9.8

CVE-2017-8046

Malicious PATCH requests submitted to servers using Spring Data REST versions prior to 2.6.9 (Ingalls SR9), versions prior to 3.0.1 (Kay SR1) and Spring Boot versions prior to 1.5.9, 2.0 M6 can use specially crafted JSON data to run arbitrary Java code.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
VMwareSpring Boot Version < 1.5.9
VMwareSpring Boot Version2.0.0 Updatemilestone1
VMwareSpring Boot Version2.0.0 Updatemilestone2
VMwareSpring Boot Version2.0.0 Updatemilestone3
VMwareSpring Boot Version2.0.0 Updatemilestone4
VMwareSpring Boot Version2.0.0 Updatemilestone5
Pivotal SoftwareSpring Data Rest Version3.0.0 Updatem1
Pivotal SoftwareSpring Data Rest Version3.0.0 Updatem2
Pivotal SoftwareSpring Data Rest Version3.0.0 Updatem3
Pivotal SoftwareSpring Data Rest Version3.0.0 Updatem4
VMwareSpring Data Rest Version < 2.6.9
VMwareSpring Data Rest Version3.0.0 Updaterc1
VMwareSpring Data Rest Version3.0.0 Updaterc2
VMwareSpring Data Rest Version3.0.0 Updaterc3
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 74.36% 0.994
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 9.8 3.9 5.9
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
nvd@nist.gov 7.5 10 6.4
AV:N/AC:L/Au:N/C:P/I:P/A:P
CWE-20 Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

http://www.securityfocus.com/bid/100948
Third Party Advisory
VDB Entry
https://access.redhat.com/errata/RHSA-2018:2405
https://pivotal.io/security/cve-2017-8046
Vendor Advisory
https://www.exploit-db.com/exploits/44289/
Third Party Advisory
VDB Entry