CVE-2017-8046
Description
Malicious PATCH requests submitted to servers using Spring Data REST versions prior to 2.6.9 (Ingalls SR9), versions prior to 3.0.1 (Kay SR1) and Spring Boot versions prior to 1.5.9, 2.0 M6 can use specially crafted JSON data to run arbitrary Java code.
CVSS Version 3.0
CVE ID: CVE-2017-8046
Base Score: 9.8
Base Severity: CRITICAL
Vector String: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CVSS Version 2.0
CVE ID: CVE-2017-8046
Base Score: 7.5
Base Severity: HIGH
Vector String: AV:N/AC:L/Au:N/C:P/I:P/A:P
Proof Of Concept
Soontao
SPRING DATA REST CVE-2017-8046 DEMO
Reference: GitHub
sj
Fork of github.com/spring-projects/spring-data-rest (vulnerable to CVE-2017-8046)
Reference: GitHub
m3ssap0
WARNING: This is a vulnerable application to test the exploit for the Spring Break vulnerability (CVE-2017-8046). Run it at your own risk!
Reference: GitHub
m3ssap0
This is a Java program that exploits Spring Break vulnerability (CVE-2017-8046).
Reference: GitHub
FixYourFace
PoC for SpringBreak (CVE-2017-8046)
Reference: GitHub
jkutner
This is a Java program that exploits Spring Break vulnerability (CVE-2017-8046).
Reference: GitHub
bkhablenko
Reference: GitHub
cved-sources
cve-2017-8046
Reference: GitHub
jsotiro
An intentionally vulnerable (CVE-2017-8046) Spring Data REST app with Swagger support for pentesting purposes
Reference: GitHub
guanjivip
Modify the IP address to achieve command execution
Reference: GitHub
Reference: NVD