CVE-2017-8045

In Pivotal Spring AMQP versions prior to 1.7.4, 1.6.11, and 1.5.7, an org.springframework.amqp.core.Message may be unsafely deserialized when being converted into a string. A malicious payload could be crafted to exploit this and enable a remote code execution attack.
References
Link Resource
http://www.securityfocus.com/bid/100936 Third Party Advisory VDB Entry
https://pivotal.io/security/cve-2017-8045 Vendor Advisory
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:pivotal_software:spring_advanced_message_queuing_protocol:1.5.0:*:*:*:*:*:*:*
cpe:2.3:a:pivotal_software:spring_advanced_message_queuing_protocol:1.5.0:m1:*:*:*:*:*:*
cpe:2.3:a:pivotal_software:spring_advanced_message_queuing_protocol:1.5.0:rc1:*:*:*:*:*:*
cpe:2.3:a:pivotal_software:spring_advanced_message_queuing_protocol:1.5.1:*:*:*:*:*:*:*
cpe:2.3:a:pivotal_software:spring_advanced_message_queuing_protocol:1.5.2:*:*:*:*:*:*:*
cpe:2.3:a:pivotal_software:spring_advanced_message_queuing_protocol:1.5.3:*:*:*:*:*:*:*
cpe:2.3:a:pivotal_software:spring_advanced_message_queuing_protocol:1.5.4:*:*:*:*:*:*:*
cpe:2.3:a:pivotal_software:spring_advanced_message_queuing_protocol:1.5.5:*:*:*:*:*:*:*
cpe:2.3:a:pivotal_software:spring_advanced_message_queuing_protocol:1.5.6:*:*:*:*:*:*:*
cpe:2.3:a:pivotal_software:spring_advanced_message_queuing_protocol:1.6.0:*:*:*:*:*:*:*
cpe:2.3:a:pivotal_software:spring_advanced_message_queuing_protocol:1.6.0:m1:*:*:*:*:*:*
cpe:2.3:a:pivotal_software:spring_advanced_message_queuing_protocol:1.6.0:m2:*:*:*:*:*:*
cpe:2.3:a:pivotal_software:spring_advanced_message_queuing_protocol:1.6.0:rc1:*:*:*:*:*:*
cpe:2.3:a:pivotal_software:spring_advanced_message_queuing_protocol:1.6.1:*:*:*:*:*:*:*
cpe:2.3:a:pivotal_software:spring_advanced_message_queuing_protocol:1.6.2:*:*:*:*:*:*:*
cpe:2.3:a:pivotal_software:spring_advanced_message_queuing_protocol:1.6.3:*:*:*:*:*:*:*
cpe:2.3:a:pivotal_software:spring_advanced_message_queuing_protocol:1.6.4:*:*:*:*:*:*:*
cpe:2.3:a:pivotal_software:spring_advanced_message_queuing_protocol:1.6.5:*:*:*:*:*:*:*
cpe:2.3:a:pivotal_software:spring_advanced_message_queuing_protocol:1.6.6:*:*:*:*:*:*:*
cpe:2.3:a:pivotal_software:spring_advanced_message_queuing_protocol:1.6.7:*:*:*:*:*:*:*
cpe:2.3:a:pivotal_software:spring_advanced_message_queuing_protocol:1.6.8:*:*:*:*:*:*:*
cpe:2.3:a:pivotal_software:spring_advanced_message_queuing_protocol:1.6.9:*:*:*:*:*:*:*
cpe:2.3:a:pivotal_software:spring_advanced_message_queuing_protocol:1.6.10:*:*:*:*:*:*:*
cpe:2.3:a:pivotal_software:spring_advanced_message_queuing_protocol:1.7.0:*:*:*:*:*:*:*
cpe:2.3:a:pivotal_software:spring_advanced_message_queuing_protocol:1.7.1:*:*:*:*:*:*:*
cpe:2.3:a:pivotal_software:spring_advanced_message_queuing_protocol:1.7.2:*:*:*:*:*:*:*
cpe:2.3:a:pivotal_software:spring_advanced_message_queuing_protocol:1.7.3:*:*:*:*:*:*:*

History

No history.

Information

Published : 2017-11-27 10:29

Updated : 2024-02-04 19:29


NVD link : CVE-2017-8045

Mitre link : CVE-2017-8045

CVE.ORG link : CVE-2017-8045


JSON object : View

Products Affected

pivotal_software

  • spring_advanced_message_queuing_protocol
CWE
CWE-502

Deserialization of Untrusted Data