CVE-2017-8046

Published: 04/01/2018 Updated: 15/08/2018
CVSS v2 Base Score: 7.5 | Impact Score: 6.4 | Exploitability Score: 10
CVSS v3 Base Score: 9.8 | Impact Score: 5.9 | Exploitability Score: 3.9
VMScore: 762
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Vulnerability Summary

Malicious PATCH requests submitted to servers using Spring Data REST versions before 2.6.9 (Ingalls SR9), versions before 3.0.1 (Kay SR1) and Spring Boot versions before 1.5.9, 2.0 M6 can use specially crafted JSON data to run arbitrary Java code.

Affected Products

Vendor | Product | Versions
Pivotal Software | Spring Boot | 0.5.0, 1.0.0, 1.0.1, 1.0.2, 1.1.0, 1.1.1, 1.1.2, 1.1.3, 1.1.4, 1.1.5, 1.1.6, 1.1.7, 1.1.8, 1.1.9, 1.1.10, 1.1.11, 1.1.12, 1.2.0, 1.2.1, 1.2.2, 1.2.3, 1.2.4, 1.2.5, 1.2.6, 1.2.7, 1.2.8, 1.3.0, 1.3.1, 1.3.2, 1.3.3, 1.3.4, 1.3.5, 1.3.6, 1.3.7, 1.3.8, 1.4.0, 1.4.1, 1.4.2, 1.4.3, 1.4.4, 1.4.5, 1.4.6, 1.4.7, 1.5.0, 1.5.1, 1.5.2, 1.5.3, 1.5.4, 1.5.5, 1.5.6, 1.5.7, 1.5.8, 2.0.0
Pivotal Software | Spring Data Rest | 1.0.0, 1.1.0, 2.0.0, 2.0.1, 2.0.2, 2.0.3, 2.1.0, 2.1.1, 2.1.2, 2.1.4, 2.1.5, 2.1.6, 2.2.0, 2.2.1, 2.2.2, 2.2.3, 2.2.4, 2.3.0, 2.3.1, 2.3.2, 2.4.0, 2.4.1, 2.4.2, 2.4.4, 2.4.5, 2.4.6, 2.5.0, 2.5.1, 2.5.2, 2.5.3, 2.5.4, 2.5.5, 2.5.6, 2.5.7, 2.5.8, 2.5.9, 2.5.10, 2.5.11, 2.6, 2.6.0, 2.6.1, 2.6.2, 2.6.3, 2.6.4, 2.6.5, 2.6.6, 2.6.7, 2.6.8, 3.0.0

Vendor Advisories

Synopsis: Critical: Red Hat FIS 2.0 on Fuse 6.3.0 R7 security and bug fix update. Type/Severity: Security Advisory: Critical. Topic: An update is now available for Red Hat Fuse Integration Services. Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scor ...
Malicious PATCH requests submitted to servers using Spring Data REST versions prior to 2.6.9 (Ingalls SR9), versions prior to 3.0.1 (Kay SR1) and Spring Boot versions prior to 1.5.9, 2.0 M6 can use specially crafted JSON data to run arbitrary Java code ...

Exploits

// Exploit Title: RCE in PATCH requests in Spring Data REST
// Date: 2018-03-10
// Exploit Author: Antonio Francesco Sardella
// Vendor Homepage: pivotal.io/
// Software Link: projects.spring.io/spring-data-rest/
// Version: Spring Data REST versions prior to 2.6.9 (Ingalls SR9), 3.0.1 (Kay SR1)
// Tested on: 'Microsoft Windows 7' a ...

Mailing Lists

Spring Data REST versions prior to 2.6.9 (Ingalls SR9) and 3.0.1 (Kay SR1) suffer from a PATCH request remote code execution vulnerability ...

Github Repositories

Spring Break Vulnerable Application: This is a vulnerable application to test the exploit for the Spring Break vulnerability (CVE-2017-8046). WARNING! This application contains serious security vulnerabilities. Run it at your own risk! It is recommended using a backed-up and sheltered environment (such as a VM with a recent snapshot and host-only networking). Do not upload this

CVE-2017-8046 (Spring Break): This is a Java program that exploits Spring Break vulnerability (CVE-2017-8046). Disclaimer: This tool is intended for security engineers and appsec guys for security assessments. Please use this tool responsibly. I do not take responsibility for the way in which any one uses this application. I am NOT responsible for any damages caused or any crimes

CVE-2017-8046: This is part of Cved: a tool to manage vulnerable docker containers. Cved: gitlab.com/git-rep/cved Image source: github.com/cved-sources/cve-2017-8046 Image author: github.com/Medicean/VulApps/tree/master/s/spring/1

spring data rest CVE-2017-8046 demo test. Please UPGRADE spring data rest NOW. Steps: Start this application. Create a test instance: POST /entityPersons/ HTTP/1.1 Host: localhost:8080 Content-Type: application/json Cache-Control: no-cache { "firstName":"f2" } Exploit the SpEL injection, which will launch C:\Windows\system32\calc.exe: PATCH /entityPersons/1 HTTP/1.1 Host: local

Spring Data REST: The goal of the project is to provide a flexible and configurable mechanism for writing simple services that can be exposed over HTTP. The first exporter implemented is a JPA Repository exporter. This takes your JPA repositories and front-ends them with HTTP, allowing you full CRUD capability over your entities, to include managing associations. Installati

Files: CVE-2017-8046.cpp, CVE-2017-8046.sln, CVE-2017-8046.vcxproj, CVE-2017-8046.vcxproj.filters. About: Just change the IP address to achieve command execution. Languages: C++ 100.0%

spring-break_cve-2017-8046: This is a Java program that exploits Spring Break vulnerability (CVE-2017-8046). This software is written to have as few external dependencies as possible. DISCLAIMER: This tool is intended for security engineers and appsec guys for security assessments. Please use this tool responsibly. I do not take responsibility for the way in which any one uses t

SpringBreakPoC: I needed a tool to test several different endpoints for the recently disclosed SpringBreak vulnerability (CVE-2017-8046) and couldn't find one, so I threw this together.

Vulnerable Spring DataRest App: This is an intentionally vulnerable Spring Data REST Application to test and demonstrate the CVE-2017-8046 vulnerability and the challenges of testing Command Injection and Remote Code Execution via REST APIs. It has support for Swagger UI to use with tools where Swagger documentation helps discovery and spidering, such as the OWASP Zed Attack Proxy (ZAP) plugi

JAVA_WEB_APPLICATION_COLLECTION CVE: CVE-2017-8046: Spring Data Rest RCE github.com/vulhub/vulhub/tree/master/spring/CVE-2017-8046 CVE-2018-1196: Symlink privilege escalation attack via Spring Boot launch script

DISCLAIMER: This repository is supplementary to the VGS blog post, How to Avoid "Using Components with Known Vulnerabilities". It contains an application with a known security vulnerability (namely, CVE-2017-8046), as well as the description of how to exploit it. Use the application at your own risk! Setting Up: First, start the application by executing the following c

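N-MiddlewareScan: a heavily modified, self-written middleware vulnerability scanning script. I have recently been looking at web middleware vulnerabilities and came across a script from three years ago: github.com/ywolf/F-MiddlewareScan. I thought I would write something middleware-related myself; the script itself is easy to write, the PoCs and exploits are the hard part. GitHub link: github.com/nihaohello/N-MiddlewareScan #plugins vuln poc exp The main modules are the following: 1. axis xss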

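Investigation report on the Struts2 vulnerabilities S2-054 and S2-055 and the Jackson vulnerabilities CVE-2017-7525 and CVE-2017-15095. We have published a summary article that covers only the key points in an easier-to-read form. It is recommended for those who want an overview first or who are short on time. SSTtechlog 08 S2-054, S2-055 and the jackson-databind vulnerabilities CVE-2017-7525, C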

My vulnerability reproduction records (continuously updated) CVE-NO STATUS RESULT REFERENCE Middleware vulnerabilities Tomcat 7086 CVE-2016-5003 FINISH FAIL 0ang3el.blogspot.ru/2016/07/beware-of-ws-xmlrpc-library-in-your.html CVE-2016-5002 FINISH PASS 0ang3el.blogspot.ru/2016/07/beware-of-ws-xmlrpc-library-in-your.html 8036 CVE-2016-8735 FINISH PASS gv7.me/articles

Awesome CVE PoC: A curated list of CVE PoCs. Here is a collection about Proof of Concepts of Common Vulnerabilities and Exposures, and you may also want to check out awesome-web-security. Please read the contribution guidelines before contributing. This repo is full of PoCs for CVEs. If you enjoy this awesome list and would like to support it, check out my Patreon page :

Recent Articles

Spring break! Critical vuln in Pivotal framework's Data parts plugged
The Register • John Leyden • 05 Mar 2018

Similar to Apache Struts flaw that stuffed Equifax

Pivotal Labs' Spring Data REST project has a serious security hole that needs patching.
Pivotal's Spring Framework is a popular platform for building web apps. Spring Data REST is a collection of additional components for devs to build Java applications that offer RESTful APIs to underlying Spring Data repositories. These interfaces are widely used.
The critically rated remote code execution vulnerability (CVE-2017-8046) was discovered by security researchers at Semmle, who went publ...