What is the severity of CVE-2017-8045?

The severity of CVE-2017-8045 is critical with a severity value of 9.8.

How does CVE-2017-8045 affect Pivotal Spring AMQP?

CVE-2017-8045 affects Pivotal Spring AMQP versions prior to 1.7.4, 1.6.11, and 1.5.7.

What is the vulnerability description for CVE-2017-8045?

CVE-2017-8045 allows a malicious payload to be crafted which may enable remote code execution by exploiting unsafe deserialization of org.springframework.amqp.core.Message.

How can I fix CVE-2017-8045?

To fix CVE-2017-8045, update Pivotal Spring AMQP to version 1.7.4, 1.6.11, or 1.5.7.

Are there any references for CVE-2017-8045?

Yes, you can find more information about CVE-2017-8045 at the following references: http://www.securityfocus.com/bid/100936, https://pivotal.io/security/cve-2017-8045.

Vulnerability/
CVE-2017-8045

critical

9.8

CWE

502

27/11/2017

5/8/2024

CVE-2017-8045

First published: Mon Nov 27 2017(Updated: )

In Pivotal Spring AMQP versions prior to 1.7.4, 1.6.11, and 1.5.7, an org.springframework.amqp.core.Message may be unsafely deserialized when being converted into a string. A malicious payload could be crafted to exploit this and enable a remote code execution attack.

Credit: security_alert@emc.com

Affected Software	Affected Version	How to fix
Pivotal Software Spring Advanced Message Queuing Protocol	=1.5.0
Pivotal Software Spring Advanced Message Queuing Protocol	=1.5.0-m1
Pivotal Software Spring Advanced Message Queuing Protocol	=1.5.0-rc1
Pivotal Software Spring Advanced Message Queuing Protocol	=1.5.1
Pivotal Software Spring Advanced Message Queuing Protocol	=1.5.2
Pivotal Software Spring Advanced Message Queuing Protocol	=1.5.3
Pivotal Software Spring Advanced Message Queuing Protocol	=1.5.4
Pivotal Software Spring Advanced Message Queuing Protocol	=1.5.5
Pivotal Software Spring Advanced Message Queuing Protocol	=1.5.6
Pivotal Software Spring Advanced Message Queuing Protocol	=1.6.0
Pivotal Software Spring Advanced Message Queuing Protocol	=1.6.0-m1
Pivotal Software Spring Advanced Message Queuing Protocol	=1.6.0-m2
Pivotal Software Spring Advanced Message Queuing Protocol	=1.6.0-rc1
Pivotal Software Spring Advanced Message Queuing Protocol	=1.6.1
Pivotal Software Spring Advanced Message Queuing Protocol	=1.6.2
Pivotal Software Spring Advanced Message Queuing Protocol	=1.6.3
Pivotal Software Spring Advanced Message Queuing Protocol	=1.6.4
Pivotal Software Spring Advanced Message Queuing Protocol	=1.6.5
Pivotal Software Spring Advanced Message Queuing Protocol	=1.6.6
Pivotal Software Spring Advanced Message Queuing Protocol	=1.6.7
Pivotal Software Spring Advanced Message Queuing Protocol	=1.6.8
Pivotal Software Spring Advanced Message Queuing Protocol	=1.6.9
Pivotal Software Spring Advanced Message Queuing Protocol	=1.6.10
Pivotal Software Spring Advanced Message Queuing Protocol	=1.7.0
Pivotal Software Spring Advanced Message Queuing Protocol	=1.7.1
Pivotal Software Spring Advanced Message Queuing Protocol	=1.7.2
Pivotal Software Spring Advanced Message Queuing Protocol	=1.7.3

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is the severity of CVE-2017-8045?
The severity of CVE-2017-8045 is critical with a severity value of 9.8.
How does CVE-2017-8045 affect Pivotal Spring AMQP?
CVE-2017-8045 affects Pivotal Spring AMQP versions prior to 1.7.4, 1.6.11, and 1.5.7.
What is the vulnerability description for CVE-2017-8045?
CVE-2017-8045 allows a malicious payload to be crafted which may enable remote code execution by exploiting unsafe deserialization of org.springframework.amqp.core.Message.
How can I fix CVE-2017-8045?
To fix CVE-2017-8045, update Pivotal Spring AMQP to version 1.7.4, 1.6.11, or 1.5.7.
Are there any references for CVE-2017-8045?
Yes, you can find more information about CVE-2017-8045 at the following references: http://www.securityfocus.com/bid/100936, https://pivotal.io/security/cve-2017-8045.

collector/nvd-index
agent/weakness
agent/severity
agent/references
agent/author
agent/tags
agent/type
agent/event
agent/description
agent/last-modified-date
agent/softwarecombine
agent/first-publish-date
collector/mitre-cve
source/MITRE
vendor/pivotal software
canonical/pivotal software spring advanced message queuing protocol
version/pivotal software spring advanced message queuing protocol/1.5.0
version/pivotal software spring advanced message queuing protocol/1.5.0-m1
version/pivotal software spring advanced message queuing protocol/1.5.0-rc1
version/pivotal software spring advanced message queuing protocol/1.5.1
version/pivotal software spring advanced message queuing protocol/1.5.2
version/pivotal software spring advanced message queuing protocol/1.5.3
version/pivotal software spring advanced message queuing protocol/1.5.4
version/pivotal software spring advanced message queuing protocol/1.5.5
version/pivotal software spring advanced message queuing protocol/1.5.6
version/pivotal software spring advanced message queuing protocol/1.6.0
version/pivotal software spring advanced message queuing protocol/1.6.0-m1
version/pivotal software spring advanced message queuing protocol/1.6.0-m2
version/pivotal software spring advanced message queuing protocol/1.6.0-rc1
version/pivotal software spring advanced message queuing protocol/1.6.1
version/pivotal software spring advanced message queuing protocol/1.6.2
version/pivotal software spring advanced message queuing protocol/1.6.3
version/pivotal software spring advanced message queuing protocol/1.6.4
version/pivotal software spring advanced message queuing protocol/1.6.5
version/pivotal software spring advanced message queuing protocol/1.6.6
version/pivotal software spring advanced message queuing protocol/1.6.7
version/pivotal software spring advanced message queuing protocol/1.6.8
version/pivotal software spring advanced message queuing protocol/1.6.9
version/pivotal software spring advanced message queuing protocol/1.6.10
version/pivotal software spring advanced message queuing protocol/1.7.0
version/pivotal software spring advanced message queuing protocol/1.7.1
version/pivotal software spring advanced message queuing protocol/1.7.2
version/pivotal software spring advanced message queuing protocol/1.7.3