CVE-2017-8046 Pivotal Spring Data REST Vulnerability

Question

I can't find any information about this CVE on Dev Central.  Is this CVE something that f5 ASM already has signature(s) for?  Any information would be greatly appreciated.&nbsp;
Thank you.&nbsp;

samstep · Answer

Jamie, I believe that the exploit code for this CVE has not yet been published, so no signature is available yet. To remediate this vulnerability you can do two things for now:&nbsp;
Disable HTTP Method "PATCH" from the list of allowed methods on your ASM policy (if enabled) - check with your application developers that they are actually using it and it is needed first
Ask application owners to update the version of Spring framework on the backend servers to the latest one which fixes this vulnerability, these are:&nbsp;

Spring Data REST 2.6.9 (Ingalls SR9, Oct. 27th, 2017)&nbsp;

Spring Data REST 3.0.1 (Kay SR1, Oct. 27th 2017)&nbsp;

Spring Boot 1.5.9 (Oct, 28th 2017)&nbsp;

Spring Boot 2.0 M6 (Nov. 6th 2017)&nbsp;

devin_m__351818 · Answer

Has the status for this vulnerability remained the same or is there an update?&nbsp;

Forum Discussion

CVE-2017-8046 Pivotal Spring Data REST Vulnerability

2 Replies

Recent Discussions

Using okta as SSO to login F5 GUI

(How) can I get two client certificates in one APM session?

BIG-IP DNS: Check Status Of Multiple Monitors Against Pool Member

Disk space full - what files, folders are safe to delete?

Converting config to DO

Related Content

Coordinated Vulnerability Disclosure: A Balanced Approach

OWASP Automated Threats - OAT-014 Vulnerability Scanning

Evolving Programmability with Pivotal Cloud Foundry

Reviewing vulnerability scanner results for an Access Policy Manager (APM) protected Virtual Server

Vulnerability CVE-2023-45648 in ApacheTomcat