CVE-2017-8046 Pivotal Spring Data REST Vulnerability

Question

I can't find any information about this CVE on Dev Central.  Is this CVE something that f5 ASM already has signature(s) for?  Any information would be greatly appreciated.&nbsp;
Thank you.&nbsp;

samstep · Answer

Jamie, I believe that the exploit code for this CVE has not yet been published, so no signature is available yet. To remediate this vulnerability you can do two things for now:&nbsp;
Disable HTTP Method "PATCH" from the list of allowed methods on your ASM policy (if enabled) - check with your application developers that they are actually using it and it is needed first
Ask application owners to update the version of Spring framework on the backend servers to the latest one which fixes this vulnerability, these are:&nbsp;

Spring Data REST 2.6.9 (Ingalls SR9, Oct. 27th, 2017)&nbsp;

Spring Data REST 3.0.1 (Kay SR1, Oct. 27th 2017)&nbsp;

Spring Boot 1.5.9 (Oct, 28th 2017)&nbsp;

Spring Boot 2.0 M6 (Nov. 6th 2017)&nbsp;

devin_m__351818 · Answer

Has the status for this vulnerability remained the same or is there an update?&nbsp;

Forum Discussion

CVE-2017-8046 Pivotal Spring Data REST Vulnerability

2 Replies

The New F5 Certified BIG-IP Administrator Certification Exams Now Live

F5 Academies Are Back – And We’re Coming to a City Near You

Recent Discussions

Route Domains HA & Traffic Groups

Sending an HTTP request from iRule without delaying client requests

Horizon View iApp - Big-IP 17.5

r4600 Tenant CPU Assignment

BGP Over 2 vlans to 2 Network switch

Related Content

Mitigating Log4j Vulnerability using F5 BIG-IP

Mitigating Apache Camel Vulnerability CVE-2025–27636 with F5 Products

Phishing, Malware and Spyware Campaign, BRUTED Tool & CISA’s List Of Exploited Vulnerabilities

Evolving Programmability with Pivotal Cloud Foundry

Windows Critical RCE Vulnerability, Malicious Solana-py, and EDRKillShifter

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS