← volver
CVE-2017-8046

CVE-2017-8046

EPSS 72.8%
Malicious PATCH requests submitted to servers using Spring Data REST versions prior to 2.6.9 (Ingalls SR9), versions prior to 3.0.1 (Kay SR1) and Spring Boot versions prior to 1.5.9, 2.0 M6 can use specially crafted JSON data to run arbitrary Java code.
Productos afectados
Pivotal · Pivotal Spring Data REST and Spring Boot
PoCs públicas encontradas12
githubgithub.com/m3ssap0/spring-break_cve-2017-804617githubgithub.com/m3ssap0/SpringBreakVulnerableApp14githubgithub.com/Soontao/CVE-2017-8046-DEMO2githubgithub.com/jkutner/spring-break-cve-2017-80461githubgithub.com/cved-sources/cve-2017-80461githubgithub.com/sj/spring-data-rest-CVE-2017-80461githubgithub.com/FixYourFace/SpringBreakPoC1githubgithub.com/jsotiro/VulnerableSpringDataRest0githubgithub.com/guanjivip/CVE-2017-80460githubgithub.com/bkhablenko/CVE-2017-80460exploitdbwww.exploit-db.com/exploits/44289no verificadocve_referencewww.exploit-db.com/exploits/44289/no verificado
⚠ Recursos públicos, para evaluar la exposición de sistemas que controlas o estás autorizado a probar. Prueba solo con autorización.

¿Quieres saber si tu infraestructura está expuesta a esto?

Hablar con TrueHacking →
Referencias
https://access.redhat.com/errata/RHSA-2018:2405https://pivotal.io/security/cve-2017-8046https://www.exploit-db.com/exploits/44289/http://www.securityfocus.com/bid/100948