A deserialization flaw was discovered in the jackson-databind in versions before 2.8.10 and 2.9.1, which could allow an unauthenticated user to perform code execution by sending the maliciously crafted input to the readValue method of the ObjectMapper. This issue extends the previous flaw CVE-2017-7525 by blacklisting more classes that could be used maliciously.
References
Configurations
Configuration 1 (hide)
|
Configuration 2 (hide)
|
Configuration 3 (hide)
|
Configuration 4 (hide)
AND |
|
Configuration 5 (hide)
AND |
|
Configuration 6 (hide)
AND |
|
Configuration 7 (hide)
|
Configuration 8 (hide)
|
History
25 Oct 2022, 20:21
Type | Values Removed | Values Added |
---|---|---|
References | (CONFIRM) http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html - Patch, Third Party Advisory | |
References | (CONFIRM) http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html - Patch, Third Party Advisory | |
References | (CONFIRM) https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html - Patch, Third Party Advisory | |
References | (CONFIRM) http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html - Patch, Third Party Advisory | |
References | (MISC) https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html - Patch, Third Party Advisory |
Information
Published : 2018-02-06 15:29
Updated : 2024-02-04 19:46
NVD link : CVE-2017-15095
Mitre link : CVE-2017-15095
CVE.ORG link : CVE-2017-15095
JSON object : View
Products Affected
oracle
- banking_platform
- primavera_unifier
- communications_instant_messaging_server
- webcenter_portal
- communications_billing_and_revenue_management
- clusterware
- database_server
- financial_services_analytical_applications_infrastructure
- global_lifecycle_management_opatchauto
- jd_edwards_enterpriseone_tools
- enterprise_manager_for_virtualization
- utilities_advanced_spatial_and_operational_analytics
- identity_manager
- communications_diameter_signaling_router
netapp
- oncommand_balance
- oncommand_performance_manager
- snapcenter
- oncommand_shift
redhat
- enterprise_linux
- satellite
- satellite_capsule
- openshift_container_platform
- jboss_enterprise_application_platform
debian
- debian_linux
fasterxml
- jackson-databind