CVE-2017-8046: CVE-2017-8046

Get alerts for future matching vulnerabilitiesLog in to subscribe

I. Basic Information for CVE-2017-8046

Vulnerability Information

Have questions about the vulnerability? See if Shenlong's analysis helps!

Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.

Vulnerability Title

N/A

Source: NVD (National Vulnerability Database)

Vulnerability Description

Malicious PATCH requests submitted to servers using Spring Data REST versions prior to 2.6.9 (Ingalls SR9), versions prior to 3.0.1 (Kay SR1) and Spring Boot versions prior to 1.5.9, 2.0 M6 can use specially crafted JSON data to run arbitrary Java code.

Source: NVD (National Vulnerability Database)

CVSS Information

N/A

Source: NVD (National Vulnerability Database)

Vulnerability Type

N/A

Source: NVD (National Vulnerability Database)

Vulnerability Title

Pivotal Spring Data REST、Spring Boot和Spring Data 安全漏洞

Source: CNNVD (China National Vulnerability Database)

Vulnerability Description

Pivotal Spring Data REST、Spring Boot和Spring Data都是美国Pivotal Software公司的产品。Pivotal Spring Data REST是一个建立在Spring Data存储库之上的用于分析应用程序的域模型并公开超媒体驱动的HTTP资源。Spring Boot是一个用来简化新Spring应用的初始搭建以及开发过程的全新框架。Spring Data是一个为数据访问提供基于Spring模型的项目。 Pivotal Spring Data REST、S

Source: CNNVD (China National Vulnerability Database)

CVSS Information

N/A

Source: CNNVD (China National Vulnerability Database)

Vulnerability Type

N/A

Source: CNNVD (China National Vulnerability Database)

Affected Products

Vendor	Product	Affected Versions	CPE	Subscribe
Pivotal	Pivotal Spring Data REST and Spring Boot	Pivotal Spring Data REST versions prior to 2.6.9 (Ingalls SR9), 3.0.1 (Kay SR1) and Spring Boot versions prior to 1.5.9, 2.0 M6	-

II. Public POCs for CVE-2017-8046

#	POC Description	Source Link	Shenlong Link
1	SPRING DATA REST CVE-2017-8046 DEMO	https://github.com/Soontao/CVE-2017-8046-DEMO	POC Details
2	Fork of github.com/spring-projects/spring-data-rest (vulnerable to CVE-2017-8046)	https://github.com/sj/spring-data-rest-CVE-2017-8046	POC Details
3	WARNING: This is a vulnerable application to test the exploit for the Spring Break vulnerability (CVE-2017-8046). Run it at your own risk!	https://github.com/m3ssap0/SpringBreakVulnerableApp	POC Details
4	This is a Java program that exploits Spring Break vulnerability (CVE-2017-8046).	https://github.com/m3ssap0/spring-break_cve-2017-8046	POC Details
5	PoC for SpringBreak (CVE-2017-8046)	https://github.com/FixYourFace/SpringBreakPoC	POC Details
6	This is a Java program that exploits Spring Break vulnerability (CVE-2017-8046).	https://github.com/jkutner/spring-break-cve-2017-8046	POC Details
7	None	https://github.com/bkhablenko/CVE-2017-8046	POC Details
8	cve-2017-8046	https://github.com/cved-sources/cve-2017-8046	POC Details
9	An intentionally vulnerable (CVE-2017-8046) SrpingData REST appl with Swagger Support for pentesting purposes	https://github.com/jsotiro/VulnerableSpringDataRest	POC Details
10	修改IP地址即可实现命令执行	https://github.com/guanjivip/CVE-2017-8046	POC Details
11	None	https://github.com/Threekiii/Awesome-POC/blob/master/%E5%BC%80%E5%8F%91%E6%A1%86%E6%9E%B6%E6%BC%8F%E6%B4%9E/Spring%20Data%20Rest%20%E8%BF%9C%E7%A8%8B%E5%91%BD%E4%BB%A4%E6%89%A7%E8%A1%8C%E6%BC%8F%E6%B4%9E%20CVE-2017-8046.md	POC Details
12		https://github.com/vulhub/vulhub/blob/master/spring/CVE-2017-8046/README.md	POC Details
13	Spring Data REST < 2.6.9 and 3.0.1, Spring Boot < 1.5.9 and 2.0 M6 contain a remote code execution caused by processing malicious PATCH requests with crafted JSON data, letting attackers execute arbitrary Java code, exploit requires sending malicious PATCH requests.	https://github.com/projectdiscovery/nuclei-templates/blob/main/http/cves/2017/CVE-2017-8046.yaml	POC Details

AI-Generated POCPremium

No public POC found.

III. Intelligence Information for CVE-2017-8046

Please Login to view more intelligence information

https://pivotal.io/security/cve-2017-8046x_refsource_CONFIRM
https://www.exploit-db.com/exploits/44289/exploitx_refsource_EXPLOIT-DB
http://www.securityfocus.com/bid/100948vdb-entryx_refsource_BID
https://access.redhat.com/errata/RHSA-2018:2405vendor-advisoryx_refsource_REDHAT
https://nvd.nist.gov/vuln/detail/CVE-2017-8046

IV. Related Vulnerabilities

Same vendor: Pivotal

V. Comments for CVE-2017-8046

No comments yet

Goal Reached Thanks to every supporter — we hit 100%!

I. Basic Information for CVE-2017-8046

Vulnerability Information

Vulnerability Title

Vulnerability Description

CVSS Information

Vulnerability Type

Vulnerability Title

Vulnerability Description

CVSS Information

Vulnerability Type

Affected Products

II. Public POCs for CVE-2017-8046

III. Intelligence Information for CVE-2017-8046

IV. Related Vulnerabilities

V. Comments for CVE-2017-8046

Leave a comment