[Forgot Password]
Login  Register Subscribe

24003

 
 

131486

 
 

106342

 
 

909

 
 

84537

 
 

134

Paid content will be excluded from the download.


Download | Alert*
CVE
view XML view JSON

CVE-2017-7525Date: (C)2018-02-07   (M)2018-05-07


A deserialization flaw was discovered in the jackson-databind, versions before 2.6.7.1, 2.7.9.1 and 2.8.9, which could allow an unauthenticated user to perform code execution by sending the maliciously crafted input to the readValue method of the ObjectMapper.

CVSS Score and Metrics +CVSS Score and Metrics -

CVSS V3 Severity:CVSS V2 Severity:
CVSS Score : 9.8CVSS Score : 7.5
Exploit Score: 3.9Exploit Score: 10.0
Impact Score: 5.9Impact Score: 6.4
 
CVSS V3 Metrics:CVSS V2 Metrics:
Attack Vector: NETWORKAccess Vector: NETWORK
Attack Complexity: LOWAccess Complexity: LOW
Privileges Required: NONEAuthentication: NONE
User Interaction: NONEConfidentiality: PARTIAL
Scope: UNCHANGEDIntegrity: PARTIAL
Confidentiality: HIGHAvailability: PARTIAL
Integrity: HIGH 
Availability: HIGH 
  
Reference:
SECTRACK-1039744
SECTRACK-1039947
SECTRACK-1040360
BID-99623
DSA-4004
RHSA-2017:1834
RHSA-2017:1835
RHSA-2017:1836
RHSA-2017:1837
RHSA-2017:1839
RHSA-2017:1840
RHSA-2017:2477
RHSA-2017:2546
RHSA-2017:2547
RHSA-2017:2633
RHSA-2017:2635
RHSA-2017:2636
RHSA-2017:2637
RHSA-2017:2638
RHSA-2017:3141
RHSA-2017:3454
RHSA-2017:3455
RHSA-2017:3456
RHSA-2017:3458
RHSA-2018:0294
RHSA-2018:0342
http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html
https://bugzilla.redhat.com/show_bug.cgi?id=1462702
https://cwiki.apache.org/confluence/display/WW/S2-055
https://github.com/FasterXML/jackson-databind/issues/1599
https://github.com/FasterXML/jackson-databind/issues/1723
https://security.netapp.com/advisory/ntap-20171214-0002/

CPE    2
cpe:/o:debian:debian_linux:9.0
cpe:/o:debian:debian_linux:8.0
CWE    1
CWE-502
OVAL    11
oval:org.secpod.oval:def:603137
oval:org.secpod.oval:def:603177
oval:org.secpod.oval:def:112960
oval:org.secpod.oval:def:113412
...

© 2013 SecPod Technologies