CVE-2017-4971

MEDIUM LAB

Pivotal Spring Web Flow <2.4.4 - Info Disclosure

Title source: llm

Description

An issue was discovered in Pivotal Spring Web Flow through 2.4.4. Applications that do not change the value of the MvcViewFactoryCreator useSpringBinding property which is disabled by default (i.e., set to 'false') can be vulnerable to malicious EL expressions in view states that process form submissions but do not have a sub-element to declare explicit data binding property mappings.

Exploits (1)

nomisec STUB

by cved-sources · poc

https://github.com/cved-sources/cve-2017-4971

View Code ZIP pw:eip

References (3)

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/bid/98785

[Issue Tracking, Patch] https://jira.spring.io/browse/SWF-1700

[Mitigation, Patch, Vendor Advisory] https://pivotal.io/security/cve-2017-4971

Scores

CVSS v3 5.9

EPSS 0.7536

EPSS Percentile 98.9%

Attack Vector NETWORK

CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N

Lab Environment

COMMUNITY

Community Lab

docker pull tomcat:8-jre8

https://github.com/cved-sources/cve-2017-4971

View in Library

Details

CWE

CWE-1188

Status published

Products (6)

n/a/Spring Web Flow Spring Web Flow

org.springframework.webflow/spring-webflow 2.4.0 - 2.4.5Maven

pivotal/spring_web_flow 2.4.0

pivotal/spring_web_flow 2.4.1

pivotal/spring_web_flow 2.4.2

pivotal/spring_web_flow 2.4.4

Published Jun 13, 2017

Tracked Since Feb 18, 2026