Spring Data Commons Unauthenticated RCE CVE-2018-1273 Scanner

Details
Stay Up To Date
Asset Type

domain,ip,url

Need Membership

Yes

Asset Verify

Yes

API Support

Yes

Estimate Time (Second)

15

Spring Data Commons Unauthenticated RCE CVE-2018-1273 Scanner Detail

There is a remote code execution vulnerability in Spring Data Commons.

Spring Data Commons, versions prior to 1.13 to 1.13.10, 2.0 to 2.0.5, and older unsupported versions, contain a property binder vulnerability caused by improper neutralization of special elements. An unauthenticated remote malicious user (or attacker) can supply specially crafted request parameters against Spring Data REST backed HTTP resources or using Spring Data's projection-based request payload binding hat can lead to a remote code execution attack.

Some Advice for Common Problems

You have to update to latest version.

Need a Full Assesment?

Get help from professional hackers. Learn about our penetration test service now!

Request Pentest Service