[Forgot Password]
Login  Register Subscribe

23631

 
 

127000

 
 

102010

 
 

909

 
 

81309

 
 

123

Paid content will be excluded from the download.


Download | Alert*
CVE
view XML view JSON

CVE-2017-7525Date: (C)2018-02-07   (M)2018-02-19


A deserialization flaw was discovered in the jackson-databind, versions before 2.6.7.1, 2.7.9.1 and 2.8.9, which could allow an unauthenticated user to perform code execution by sending the maliciously crafted input to the readValue method of the ObjectMapper.

CVSS V3 Severity:CVSS V2 Severity:
CVSS Score  : CVSS Score  :
Exploit Score: Exploit Score:
Impact Score : Impact Score :
 
CVSS V3 Metrics:CVSS V2 Metrics:
Attack Vector: Access Vector:
Attack Complexity: Access Complexity:
Privileges Required: Authentication:
User Interaction: Confidentiality:
Scope: Integrity:
Confidentiality: Availability:
Integrity:  
Availability:  
  





Reference:
SECTRACK-1039744
SECTRACK-1039947
SECTRACK-1040360
BID-99623
DSA-4004
RHSA-2017:1834
RHSA-2017:1835
RHSA-2017:1836
RHSA-2017:1837
RHSA-2017:1839
RHSA-2017:1840
RHSA-2017:2477
RHSA-2017:2546
RHSA-2017:2547
RHSA-2017:2633
RHSA-2017:2635
RHSA-2017:2636
RHSA-2017:2637
RHSA-2017:2638
RHSA-2017:3141
RHSA-2017:3454
RHSA-2017:3455
RHSA-2017:3456
RHSA-2017:3458
RHSA-2018:0294
https://bugzilla.redhat.com/show_bug.cgi?id=1462702
https://cwiki.apache.org/confluence/display/WW/S2-055
https://github.com/FasterXML/jackson-databind/issues/1599
https://github.com/FasterXML/jackson-databind/issues/1723
https://security.netapp.com/advisory/ntap-20171214-0002/

OVAL    9
oval:org.secpod.oval:def:603137
oval:org.secpod.oval:def:113002
oval:org.secpod.oval:def:112960
oval:org.secpod.oval:def:113994
...

© 2013 SecPod Technologies