Threat Encyclopedia

Pivotal.Spring.PATCH.Request.Handling.Remote.Code.Execution

Description

This indicates an attempt to exploit a Remote Code Execution vulnerability in Pivotal Spring.
The vulnerability is due to insufficient sanitization of HTTP PATCH requests by the application. A remote attacker may be able to exploit this, via crafted HTTP requests, to execute arbitrary code within the context of the application.

Affected Products

Spring Data REST versions prior to 2.5.12, 2.6.7, 3.0 RC3
Spring Boot versions prior to 2.0.0M4
Spring Data release trains prior to Kay-RC3
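
A dependency inventory can be checked against the Spring Data REST line of the list above. The following is an added example, not vendor or project code. It assumes each listed version is the fix for its own branch, that qualifiers order as milestone < RC < release, and that dependencies are given as `group:artifact:version`; the sample list is constructed.

```python
import re

# First fixed release per branch, from the "Affected Products" list above.
# Assumption: each listed version is the fix for its own branch.
FIXED = {(2, 5): "2.5.12", (2, 6): "2.6.7", (3, 0): "3.0 RC3"}

# Assumed qualifier order: snapshot < milestone (M) < release candidate (RC) < release.
QUALIFIER_RANK = {"BUILD-SNAPSHOT": 0, "M": 1, "RC": 2, "RELEASE": 3, "": 3}
VERSION_RE = re.compile(
    r"^(\d+)\.(\d+)(?:\.(\d+))?(?:[.\- ]?(BUILD-SNAPSHOT|RELEASE|RC|M)(\d*))?$", re.I)

def parse(version):
    """Turn '2.6.6.RELEASE', '3.0.0.RC2' or '3.0 RC3' into a comparable tuple."""
    m = VERSION_RE.match(version.strip())
    if not m:
        raise ValueError(f"unrecognised version: {version!r}")
    major, minor, patch, qual, qnum = m.groups()
    rank = QUALIFIER_RANK[(qual or "").upper()]
    return (int(major), int(minor), int(patch or 0), rank, int(qnum or 0))

def is_vulnerable(version):
    """True if a Spring Data REST version predates the fix for its branch."""
    v = parse(version)
    branch = v[:2]
    if branch not in FIXED:
        # No fix listed for this branch: affected unless newer than the newest listed fix.
        return branch < max(FIXED)
    return v < parse(FIXED[branch])

def audit(coordinates):
    """Return the group:artifact:version entries that are affected."""
    hits = []
    for coord in coordinates:
        group, artifact, version = coord.strip().split(":")
        if group == "org.springframework.data" and artifact.startswith("spring-data-rest"):
            if is_vulnerable(version):
                hits.append(coord.strip())
    return hits

# Constructed sample dependency list (not taken from any real project).
SAMPLE = [
    "org.springframework.data:spring-data-rest-webmvc:2.6.6.RELEASE",
    "org.springframework.data:spring-data-rest-core:2.6.7.RELEASE",
    "org.springframework.data:spring-data-rest-webmvc:3.0.0.RC2",
    "org.springframework.data:spring-data-commons:1.13.6.RELEASE",
]

if __name__ == "__main__":
    print("\n".join(audit(SAMPLE)))
```

Snapshot builds are ranked below every milestone, so they are reported as affected rather than assumed to contain the fix.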

Impact

System Compromise: Remote attackers can gain control of vulnerable systems.

Recommended Actions

Apply the most recent upgrade or patch from the vendor.
https://pivotal.io/security/cve-2017-8046

CVE References

CVE-2017-8046