| Home | Current Systems | Former STK Products | EOL Systems | Components | General Info | Search | Feedback |
| Oracle System Handbook - ISO 7.0 May 2018 Internal/Partner Edition | ||
|
|
||
 |
||||||||||||||||||
Solution Type Problem Resolution Sure Solution 2378204.1 : Oracle ZFS Storage Appliance: Is ZFSSA affected by CVE-2017-8046 ?
In this Document
Applies to:Oracle ZFS Storage ZS5-4 - Version All Versions and laterOracle ZFS Storage ZS5-2 - Version All Versions and later Oracle ZFS Storage ZS4-4 - Version All Versions and later Oracle ZFS Storage ZS3-4 - Version All Versions and later Oracle ZFS Storage ZS3-2 - Version All Versions and later 7000 Appliance OS (Fishworks) SymptomsIs the Oracle ZFS Storage Appliance vulnerable to CVE-2017-8046 ?
CVE-2017-8046 Information: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8046 Malicious PATCH requests submitted to spring-data-rest servers in Pivotal Spring Data REST versions prior to 2.5.12, 2.6.7, 3.0 RC3, Spring Boot versions prior to 2.0.0M4, and Spring Data release trains prior to Kay-RC3 can use specially crafted JSON data to run arbitrary Java code.
ChangesN/A
CauseDoes CVE-2017-8046 affect the ZFSSA ?
SolutionUpdate from Security/ZFSSA group: > There is no Java or Java JSON in ZFSSA, therefore CVE-2017-8046 is NOT applicable.
Attachments This solution has no attachment |
||||||||||||||||||
|
||||||||||||||||||