Vulnerability Details : CVE-2017-4971
Potential exploit
An issue was discovered in Pivotal Spring Web Flow through 2.4.4. Applications that do not change the value of the MvcViewFactoryCreator useSpringBinding property, which is disabled by default (i.e., set to 'false'), can be vulnerable to malicious EL expressions in view states that process form submissions but do not have a <binder> sub-element to declare explicit data binding property mappings.
Products affected by CVE-2017-4971
- cpe:2.3:a:pivotal:spring_web_flow:2.4.4:*:*:*:*:*:*:*
- cpe:2.3:a:pivotal:spring_web_flow:2.4.0:*:*:*:*:*:*:*
- cpe:2.3:a:pivotal:spring_web_flow:2.4.2:*:*:*:*:*:*:*
- cpe:2.3:a:pivotal:spring_web_flow:2.4.1:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2017-4971
- EPSS score: 11.16% (probability of exploitation activity in the next 30 days)
- Percentile: ~95% (the proportion of vulnerabilities that are scored at or less)
CVSS scores for CVE-2017-4971
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
4.3 | MEDIUM | AV:N/AC:M/Au:N/C:N/I:P/A:N | 8.6 | 2.9 | NIST | |
5.9 | MEDIUM | CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N | 2.2 | 3.6 | NIST | |
CWE ids for CVE-2017-4971
- The product initializes or sets a resource with a default that is intended to be changed by the administrator, but the default is not secure. Assigned by: nvd@nist.gov (Primary)
References for CVE-2017-4971
- https://jira.spring.io/browse/SWF-1700
  [SWF-1700] CVE-2017-4971: Avoid use of SpEL parser for empty value expressions - Spring JIRA (Issue Tracking; Patch)
- http://www.securityfocus.com/bid/98785
  Pivotal Spring Web Flow CVE-2017-4971 Security Bypass Vulnerability (Third Party Advisory; VDB Entry)
- https://pivotal.io/security/cve-2017-4971
  CVE-2017-4971: Data Binding Expression Vulnerability in Spring Web Flow | Security | Pivotal (Mitigation; Patch; Vendor Advisory)