Exploit for #VU11761 Improper input validation in Pivotal Spring Data REST and Pivotal Spring Boot

Vulnerability identifier: #VU11761

Vulnerability risk: High

CVSSv4.0: 8.9 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/U:Amber]

CVE-ID: CVE-2017-8046

CWE-ID: CWE-20

Exploitation vector: Network

Exploits in database: 4

• June 17, 2021
  • Spring Data REST < 2.6.9 (Ingalls SR9) / 3.0.1 (Kay SR1) - PATCH Request Remote Code Execution [Exploit-DB]
• April 7, 2020
  • SpringBreakVulnerableApp (WARNING: This is a vulnerable application to test the exploit for the Spring Break vulnerability (CVE-2017-8046). Run it at your own risk!) [Github]
  • spring-break-cve-2017-8046 (This is a Java program that exploits Spring Break vulnerability (CVE-2017-8046).) [Github]
  • spring-break_cve-2017-8046 (This is a Java program that exploits Spring Break vulnerability (CVE-2017-8046).) [Github]

Vulnerable software:
Pivotal Spring Data REST
Server applications / Frameworks for developing and running applications
Pivotal Spring Boot
Server applications / Frameworks for developing and running applications

Vendor: Pivotal