|
|
|||
| Rule General Information |
|---|
| Release Date: | 2020-05-25 | |
| Rule Name: | Spring Data REST PATCH Request Remote Code Execution Vulnerability (CVE-2017-8046) | |
| Severity: | ||
| CVE ID: | ||
| Rule Protection Details |
|---|
| Description: | Malicious PATCH requests submitted to servers using Spring Data REST versions prior to 2.6.9 (Ingalls SR9), versions prior to 3.0.1 (Kay SR1) and Spring Boot versions prior to 1.5.9, 2.0 M6 can use specially crafted JSON data to run arbitrary Java code. | |
| Impact: | An attacker can execute arbitrary code via a successful exploit in the context of the vulnerable software. | |
| Affected OS: | Windows, Linux | |
| Reference: | SecurityFocusBID:100948 ExploitDB:44289 https://access.redhat.com/errata/RHSA-2018:2405 https://pivotal.io/security/cve-2017-8046 |
|
| Solutions |
|---|
| The vendors have released upgrade patches to fix vulnerabilities, please visit: https://pivotal.io/security/cve-2017-8046 |