CVE-2017-8046 Pivotal Spring Data REST Vulnerability

Question

I can't find any information about this CVE on Dev Central.  Is this CVE something that f5 ASM already has signature(s) for?  Any information would be greatly appreciated.&nbsp;
Thank you.&nbsp;

samstep · Answer

Jamie, I believe that the exploit code for this CVE has not yet been published, so no signature is available yet. To remediate this vulnerability you can do two things for now:&nbsp;
Disable HTTP Method "PATCH" from the list of allowed methods on your ASM policy (if enabled) - check with your application developers that they are actually using it and it is needed first
Ask application owners to update the version of Spring framework on the backend servers to the latest one which fixes this vulnerability, these are:&nbsp;

Spring Data REST 2.6.9 (Ingalls SR9, Oct. 27th, 2017)&nbsp;

Spring Data REST 3.0.1 (Kay SR1, Oct. 27th 2017)&nbsp;

Spring Boot 1.5.9 (Oct, 28th 2017)&nbsp;

Spring Boot 2.0 M6 (Nov. 6th 2017)&nbsp;

devin_m__351818 · Answer

Has the status for this vulnerability remained the same or is there an update?&nbsp;

Forum Discussion

CVE-2017-8046 Pivotal Spring Data REST Vulnerability

2 Replies

F5 Academy at AppWorld 2026

Introducing the F5 AI Assistant for BIG-IP

Recent Discussions

How can I get started with iCall

Connection Rest f5

Kubernetes cert-manager + LetsEncrypt + F5

The GSLB pool is providing an incorrect IP to end users

Unable to ping from some self ip on Velos

Related Content

OpenSSH vulnerability

Mitigating Log4j Vulnerability using F5 BIG-IP

BYOEDR, Undetectable backdoor, WhoFi, Cyberattack to airline, and Clickjacking vulnerability

Evolving Programmability with Pivotal Cloud Foundry

Coordinated Vulnerability Disclosure: A Balanced Approach

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS