CVE Database · CVE-2017-8046
CVSS v3.1: N/A
EPSS: 72.78%
Published: Jan 4, 2018
Modified: Nov 21, 2024
Public PoC / Exploit (3)
Links to public security research (Exploit-DB, Nuclei, Trickest, GitHub) for defensive use only.
Description
Malicious PATCH requests submitted to servers using Spring Data REST versions prior to 2.6.9 (Ingalls SR9), versions prior to 3.0.1 (Kay SR1) and Spring Boot versions prior to 1.5.9, 2.0 M6 can use specially crafted JSON data to run arbitrary Java code.
Weaknesses (CWE)
Affected Products (15)
References (8)