CVE-2017-4971
Get alerts for future matching vulnerabilitiesLog in to subscribe
I. Basic Information for CVE-2017-4971
Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗ Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Description
An issue was discovered in Pivotal Spring Web Flow through 2.4.4. Applications that do not change the value of the MvcViewFactoryCreator useSpringBinding property which is disabled by default (i.e., set to 'false') can be vulnerable to malicious EL expressions in view states that process form submissions but do not have a sub-element to declare explicit data binding property mappings.
Source: NVD (National Vulnerability Database)
CVSS Information
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Type
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Title
Pivotal Spring Web Flow 安全漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
Pivotal Spring Web Flow是美国Pivotal Software公司的一款Web应用程序,可提供登机手续办理、贷款申请或购物车结算等导航。 Pivotal Spring Web Flow 2.4.0版本至2.4.4版本中存在安全绕过漏洞。攻击者可利用该漏洞绕过安全限制,执行未授权的操作。
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)
Shenlong Deep Dive — AI Deep Analysis
10-question deep dive: root cause, exploitation, mitigation, urgency. Read summary free, full version requires login.
Affected Products
| Vendor | Product | Affected Versions | CPE | Subscribe |
|---|---|---|---|---|
| - | Spring Web Flow | Spring Web Flow | - |
II. Public POCs for CVE-2017-4971
| # | POC Description | Source Link | Shenlong Link |
|---|---|---|---|
| 1 | cve-2017-4971 | https://github.com/cved-sources/cve-2017-4971 | POC Details |
| 2 | None | https://github.com/Threekiii/Awesome-POC/blob/master/%E5%BC%80%E5%8F%91%E6%A1%86%E6%9E%B6%E6%BC%8F%E6%B4%9E/Spring%20WebFlow%20%E8%BF%9C%E7%A8%8B%E4%BB%A3%E7%A0%81%E6%89%A7%E8%A1%8C%E6%BC%8F%E6%B4%9E%20CVE-2017-4971.md | POC Details |
| 3 | https://github.com/vulhub/vulhub/blob/master/spring/CVE-2017-4971/README.md | POC Details |
AI-Generated POCPremium
No public POC found.
Login to generate AI POCIII. Intelligence Information for CVE-2017-4971
请登录查看更多情报信息。
- 🔗 https://jira.spring.io/browse/SWF-1700x_refsource_CONFIRM
- 🔗 https://pivotal.io/security/cve-2017-4971x_refsource_CONFIRM
- https://nvd.nist.gov/vuln/detail/CVE-2017-4971
Same Patch Batch · n/a · 2017-06-13 · 62 CVEs total
| CVE-2017-6673 | Cisco Firepower Management Center 信息泄露漏洞 | |
| CVE-2017-6691 | Cisco Elastic Services Controller ConfD CLI 信息泄露漏洞 | |
| CVE-2017-6694 | Cisco Ultra Services Platform 信息泄露漏洞 | |
| CVE-2017-6693 | Cisco Elastic Services Controller ConfD服务器组件安全漏洞 | |
| CVE-2017-6692 | Cisco Ultra Services Framework Element Manager 安全漏洞 | |
| CVE-2017-6682 | Cisco Elastic Services Controller ConfD CLI 操作系统命令注入漏洞 | |
| CVE-2017-6681 | Cisco Ultra Services Framework 信息泄露漏洞 | |
| CVE-2017-6680 | Cisco Ultra Services Framework 安全漏洞 | |
| CVE-2017-6675 | Cisco Industrial Network Director 跨站脚本漏洞 | |
| CVE-2017-6674 | Cisco Firepower System Software 安全漏洞 | |
| CVE-2017-6683 | Cisco Elastic Services Controller 安全漏洞 | |
| CVE-2017-6671 | Cisco Email Security Appliance AsyncOS Software 输入验证漏洞 | |
| CVE-2017-6670 | Cisco Unified Communications Domain Manager 安全漏洞 | |
| CVE-2017-6668 | Cisco Unified Communications Domain Manager SQL注入漏洞 | |
| CVE-2017-6667 | Cisco Context Service SDK 输入验证漏洞 | |
| CVE-2017-6666 | Cisco Network Convergence System 5500 Series IOS XR Software forwarding组件资源管理错误漏洞 | |
| CVE-2017-6661 | Cisco Email Security和Content Security Management Appliance 跨站脚本漏洞 | |
| CVE-2017-6659 | Cisco Prime Collaboration Assurance 跨站请求伪造漏洞 | |
| CVE-2017-6656 | Cisco IP Phone 8800 Series 安全漏洞 | |
| CVE-2017-6655 | Cisco NX-OS Software 安全漏洞 |
Showing top 20 of 62 CVEs. View all on vendor page → →
IV. Related Vulnerabilities
Same vendor: n/a
- CVE-2026-8276
bettercap MySQL Server mysql_server.go integer coercion - CVE-2026-8275
bettercap zerogod IPP Service zerogod_ipp_primitives.go ippR - CVE-2026-8270
Open5GS SMF ogs_nas_parse_qos_rules denial of service - CVE-2026-8269
Open5GS SMF smf_nsmf_handle_create_sm_context denial of serv - CVE-2026-8268
Open5GS SMF OpenAPI_list_create denial of service
V. Comments for CVE-2017-4971
No comments yet