What is CVE-2017-8039?

CVE-2017-8039 is a medium-severity vulnerability in Pivotal Spring_web_flow, classified under Initialization of a Resource with an Insecure Default. CVSS score: 5.9/10. Published 2017-11-27.

How severe is CVE-2017-8039?

Medium severity. CVSS v3 base score is 5.9 out of 10.

RCE in Pivotal Spring_web_flow

CVE-2017-8039

An issue was discovered in Pivotal Spring Web Flow through 2.4.5. Applications that do not change the value of the MvcViewFactoryCreator useSpringBinding property which is disabled by default (i.e., set to 'false') can be vulnerable to mal…

EPSS: 0.002 (39.8th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 5.9 (Medium). Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N.

Affected products

Pivotal Spring_web_flow — versions 2.4.0, 2.4.1, 2.4.2
N/a Spring Web Flow 2.4.0 To 2.4.5 And Older Unsupported Versions Are Also Affected — versions Spring Web Flow Spring Web Flow 2.4.0 to 2.4.5 and Older unsupported versions are also affected

Weakness classification (CWE)

CWE-1188 — Initialization of a Resource with an Insecure Default

References

security_alert@emc.com (x_refsource_CONFIRM, Mitigation, Issue Tracking, Vendor Advisory)
security_alert@emc.com (VDB Entry, Third Party Advisory, vdb-entry, x_refsource_BID)

Frequently asked questions

What is CVE-2017-8039?: CVE-2017-8039 is a medium-severity vulnerability in Pivotal Spring_web_flow, classified under Initialization of a Resource with an Insecure Default. CVSS score: 5.9/10. Published 2017-11-27.
How severe is CVE-2017-8039?: Medium severity. CVSS v3 base score is 5.9 out of 10.