Lucene search
K

6 matches found

Tenable Nessus
Tenable Nessus
added 2025/03/04 12:0 a.m.9 views

Linux Distros Unpatched Vulnerability : CVE-2017-8039

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An issue was discovered in Pivotal Spring Web Flow through 2.4.5. Applications that do not change the value of the MvcViewFactoryCreator useSpringBinding proper...

5.9CVSS6.9AI score0.15858EPSS
Exploits1References1
Tenable Nessus
Tenable Nessus
added 2024/05/11 12:0 a.m.18 views

RHEL 7 : spring-webflow (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 7 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - spring-webflow: Data Binding Expression Vulnerability in Spring Web Flow CVE-2017-8039 - An issue was...

6.1AI score0.15858EPSS
Exploits1References2
vulnersOsv
vulnersOsv
added 2022/05/13 1:47 a.m.3 views

com.github.gfernandez598:springwebflow-optforrepl (=1.0), com.github.stephanarts:cas-server-integration-zeromq (>=0.0.1 <=0.0.8) +443 more potentially affected by CVE-2017-8039 via org.springframework.webflow:spring-webflow (>=2.0.6.RELEASE <=2.4.5.RELEASE)

org.springframework.webflow:spring-webflow MAVEN version =2.0.6.RELEASE, =0.0.1, =1.0, =1.0.0.RELEASE, =1.0, =1.0, =1.0.0-GA, =1.0.0-GA, =1.0.0-GA, =1.0.0-GA, =1.0.0-RC1 and more Source cves: CVE-2017-8039 Source advisory: OSV:GHSA-Q4V9-QJMW-J7VF...

5.9CVSS6.5AI score0.00963EPSS
Exploits0
NVD
NVD
added 2017/11/27 10:29 a.m.34 views

CVE-2017-8039

An issue was discovered in Pivotal Spring Web Flow through 2.4.5. Applications that do not change the value of the MvcViewFactoryCreator useSpringBinding property which is disabled by default i.e., set to 'false' can be vulnerable to malicious EL expressions in view states that process form...

5.9CVSS6AI score0.00963EPSS
Exploits0References2
Cvelist
Cvelist
added 2017/11/27 10:0 a.m.37 views

CVE-2017-8039

An issue was discovered in Pivotal Spring Web Flow through 2.4.5. Applications that do not change the value of the MvcViewFactoryCreator useSpringBinding property which is disabled by default i.e., set to 'false' can be vulnerable to malicious EL expressions in view states that process form...

5.6AI score0.00963EPSS
Exploits0References2
CVE
CVE
added 2017/11/27 10:0 a.m.88 views

CVE-2017-8039

Pivotal Spring Web Flow up to version 2.4.5 is affected when applications do not change MvcViewFactoryCreator.useSpringBinding (default false); this can allow malicious EL expressions in view states that process form submissions lacking explicit data binding property mappings. The issue stems fro...

5.9CVSS5.8AI score0.00963EPSS
Exploits0References2Affected Software1
Rows per page
Query Builder