- samstep (Cirrocumulus)
Jamie, I believe that the exploit code for this CVE has not yet been published, so no signature is available yet. To remediate this vulnerability you can do two things for now:
- Disable HTTP Method "PATCH" from the list of allowed methods on your ASM policy (if enabled) - check with your application developers that they are actually using it and it is needed first
- Ask application owners to update the version of Spring framework on the backend servers to the latest one which fixes this vulnerability, these are:
  - Spring Data REST 2.6.9 (Ingalls SR9, Oct. 27th, 2017)
  - Spring Data REST 3.0.1 (Kay SR1, Oct. 27th, 2017)
  - Spring Boot 1.5.9 (Oct. 28th, 2017)
  - Spring Boot 2.0 M6 (Nov. 6th, 2017)
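A check of a dependency inventory against the fixed versions listed in the reply above, as an added example that is not part of the thread and not Spring or F5 tooling. The artifact keys, inventory rows and status labels are constructed for illustration; release lines the reply does not list are reported as `unlisted` rather than guessed.

```python
import re

# Stage ranks so milestones sort before release candidates and final releases.
STAGE = {"M": 0, "RC": 1, "RELEASE": 2}

# Fixed releases as listed in the reply, keyed by (artifact, (major, minor)).
# Value layout: (major, minor, patch, stage rank, stage number).
FIXED = {
    ("spring-data-rest", (2, 6)): (2, 6, 9, STAGE["RELEASE"], 0),
    ("spring-data-rest", (3, 0)): (3, 0, 1, STAGE["RELEASE"], 0),
    ("spring-boot", (1, 5)): (1, 5, 9, STAGE["RELEASE"], 0),
    ("spring-boot", (2, 0)): (2, 0, 0, STAGE["M"], 6),
}

# Accepts "1.5.9.RELEASE", "2.0.0.M5", "3.0.1" and the reply's "2.0 M6" form.
_VERSION = re.compile(r"^(\d+)\.(\d+)(?:\.(\d+))?(?:[. -]?(M|RC|RELEASE)(\d+)?)?$")

def parse(version):
    """Return a sortable tuple, or None for formats this sketch does not handle."""
    m = _VERSION.match(version.strip().upper())
    if not m:
        return None
    major, minor, patch, stage, num = m.groups()
    return (int(major), int(minor), int(patch or 0),
            STAGE[stage or "RELEASE"], int(num or 0))

def assess(artifact, version):
    parsed = parse(version)
    if parsed is None:
        return "unparsed"          # e.g. snapshot builds: review by hand
    fixed = FIXED.get((artifact, parsed[:2]))
    if fixed is None:
        return "unlisted"          # release line not mentioned in the reply
    return "fixed" if parsed >= fixed else "needs-update"

def audit(inventory):
    """Return the rows that are not confirmed fixed, with their status."""
    return [(host, art, ver, status) for host, art, ver in inventory
            if (status := assess(art, ver)) != "fixed"]

# Constructed sample inventory (host, artifact, version).
INVENTORY = [
    ("app01", "spring-boot", "1.5.9.RELEASE"),
    ("app02", "spring-boot", "2.0.0.M5"),
    ("app03", "spring-data-rest", "2.6.8.RELEASE"),
    ("app04", "spring-data-rest", "3.0.1"),
    ("app05", "spring-boot", "1.4.7.RELEASE"),
]

if __name__ == "__main__":
    for row in audit(INVENTORY):
        print(*row)
```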
- Devin_M__351818 (Nimbostratus)
Has the status for this vulnerability remained the same or is there an update?