cve/2017/CVE-2017-8046.md

2024-05-26 14:27:05 +02:00
### [CVE-2017-8046](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8046)
![](https://img.shields.io/static/v1?label=Product&message=Pivotal%20Spring%20Data%20REST%20and%20Spring%20Boot&color=blue)
![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
![](https://img.shields.io/static/v1?label=Vulnerability&message=run%20arbitrary%20Java%20code&color=brighgreen)
### Description
Malicious PATCH requests submitted to servers using Spring Data REST versions prior to 2.6.9 (Ingalls SR9), versions prior to 3.0.1 (Kay SR1) and Spring Boot versions prior to 1.5.9, 2.0 M6 can use specially crafted JSON data to run arbitrary Java code.
### POC
#### Reference
- https://www.exploit-db.com/exploits/44289/
#### Github
- https://github.com/0day666/Vulnerability-verification
- https://github.com/20142995/pocsuite
- https://github.com/20142995/pocsuite3
- https://github.com/ARPSyndicate/cvemon
- https://github.com/CLincat/vulcat
- https://github.com/FixYourFace/SpringBreakPoC
- https://github.com/Ljw1114/SpringFramework-Vul
- https://github.com/NorthShad0w/FINAL
- https://github.com/PonusJang/JAVA_WEB_APPLICATION_COLLECTION
- https://github.com/Sathyasri1/spring-break
- https://github.com/SecureSkyTechnology/study-struts2-s2-054_055-jackson-cve-2017-7525_cve-2017-15095
- https://github.com/Secxt/FINAL
- https://github.com/SexyBeast233/SecBooks
- https://github.com/Soontao/CVE-2017-8046-DEMO
- https://github.com/Threekiii/Awesome-Exploit
- https://github.com/Threekiii/Awesome-POC
- https://github.com/Threekiii/Vulhub-Reproduce
- https://github.com/Tim1995/FINAL
- https://github.com/Zero094/Vulnerability-verification
- https://github.com/aaronm-sysdig/report-download
- https://github.com/anquanscan/sec-tools
- https://github.com/ax1sX/Automation-in-Java-Security
- https://github.com/ax1sX/Codeql-In-Java-Security
- https://github.com/ax1sX/SpringSecurity
- https://github.com/bakery312/Vulhub-Reproduce
- https://github.com/bkhablenko/CVE-2017-8046
- https://github.com/cved-sources/cve-2017-8046
- https://github.com/cyberharsh/spring8046
- https://github.com/guanjivip/CVE-2017-8046
- https://github.com/holisticon/hack-yourself
- https://github.com/hxysaury/saury-vulnhub
- https://github.com/ilmari666/cybsec
- https://github.com/ilmila/J2EEScan
- https://github.com/jkutner/spring-break-cve-2017-8046
- https://github.com/jsotiro/VulnerableSpringDataRest
- https://github.com/just0rg/Security-Interview
- https://github.com/lnick2023/nicenice
- https://github.com/m3ssap0/SpringBreakVulnerableApp
- https://github.com/m3ssap0/spring-break_cve-2017-8046
- https://github.com/nBp1Ng/FrameworkAndComponentVulnerabilities
- https://github.com/nBp1Ng/SpringFramework-Vul
- https://github.com/nihaohello/N-MiddlewareScan
- https://github.com/q99266/saury-vulnhub
- https://github.com/qazbnm456/awesome-cve-poc
- https://github.com/ronoski/j2ee-rscan
- https://github.com/sj/spring-data-rest-CVE-2017-8046
- https://github.com/superfish9/pt
- https://github.com/swarna1010/spring-break_cve
- https://github.com/tindoc/spring-blog
- https://github.com/xbl3/awesome-cve-poc_qazbnm456
- https://github.com/zisigui123123s/FINAL