Oracle ZFS Storage Appliance: Is ZFSSA affected by CVE-2017-8046 ?

(Doc ID 2378204.1)

Last updated on MARCH 29, 2018

Applies to:

Oracle ZFS Storage ZS5-4 - Version All Versions and later
Oracle ZFS Storage ZS5-2 - Version All Versions and later
Oracle ZFS Storage ZS4-4 - Version All Versions and later
Oracle ZFS Storage ZS3-4 - Version All Versions and later
Oracle ZFS Storage ZS3-2 - Version All Versions and later
7000 Appliance OS (Fishworks)

Symptoms

Is the Oracle ZFS Storage Appliance vulnerable to CVE-2017-8046 ?

 

CVE-2017-8046 Information:  https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8046

Malicious PATCH requests submitted to spring-data-rest servers in Pivotal Spring Data REST versions prior to 2.5.12, 2.6.7, 3.0 RC3, Spring Boot versions prior to 2.0.0M4, and Spring Data release trains prior to Kay-RC3 can use specially crafted JSON data to run arbitrary Java code.

 

Changes

N/A

 

Cause

Sign In with your My Oracle Support account

Don't have a My Oracle Support account? Click to get started

My Oracle Support provides customers with access to over a
Million Knowledge Articles and hundreds of Community platforms