← Volver a CVEs
CVE-2017-15095
CRITICAL9.8
Descripcion
A deserialization flaw was discovered in the jackson-databind in versions before 2.8.10 and 2.9.1, which could allow an unauthenticated user to perform code execution by sending the maliciously crafted input to the readValue method of the ObjectMapper. This issue extends the previous flaw CVE-2017-7525 by blacklisting more classes that could be used maliciously.
Detalles CVE
Puntuacion CVSS v3.19.8
SeveridadCRITICAL
Vector CVSSCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Vector de ataqueNETWORK
ComplejidadLOW
Privilegios requeridosNONE
Interaccion usuarioNONE
Publicado2/6/2018
Ultima modificacion11/21/2024
Fuentenvd
Avistamientos honeypot0
Productos afectados
debian:debian_linuxfasterxml:jackson-databindnetapp:oncommand_balancenetapp:oncommand_performance_managernetapp:oncommand_shiftnetapp:snapcenteroracle:banking_platformoracle:clusterwareoracle:communications_billing_and_revenue_managementoracle:communications_diameter_signaling_routeroracle:communications_instant_messaging_serveroracle:database_serveroracle:enterprise_manager_for_virtualizationoracle:financial_services_analytical_applications_infrastructureoracle:global_lifecycle_management_opatchautooracle:identity_manageroracle:jd_edwards_enterpriseone_toolsoracle:primavera_unifieroracle:utilities_advanced_spatial_and_operational_analyticsoracle:webcenter_portalredhat:enterprise_linuxredhat:jboss_enterprise_application_platformredhat:openshift_container_platformredhat:satelliteredhat:satellite_capsule
Debilidades (CWE)
CWE-184CWE-502
Referencias
http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html(secalert@redhat.com)
http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html(secalert@redhat.com)
http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html(secalert@redhat.com)
http://www.securityfocus.com/bid/103880(secalert@redhat.com)
http://www.securitytracker.com/id/1039769(secalert@redhat.com)
https://access.redhat.com/errata/RHSA-2017:3189(secalert@redhat.com)
https://access.redhat.com/errata/RHSA-2017:3190(secalert@redhat.com)
https://access.redhat.com/errata/RHSA-2018:0342(secalert@redhat.com)
https://access.redhat.com/errata/RHSA-2018:0478(secalert@redhat.com)
https://access.redhat.com/errata/RHSA-2018:0479(secalert@redhat.com)
https://access.redhat.com/errata/RHSA-2018:0480(secalert@redhat.com)
https://access.redhat.com/errata/RHSA-2018:0481(secalert@redhat.com)
https://access.redhat.com/errata/RHSA-2018:0576(secalert@redhat.com)
https://access.redhat.com/errata/RHSA-2018:0577(secalert@redhat.com)
https://access.redhat.com/errata/RHSA-2018:1447(secalert@redhat.com)
https://access.redhat.com/errata/RHSA-2018:1448(secalert@redhat.com)
https://access.redhat.com/errata/RHSA-2018:1449(secalert@redhat.com)
https://access.redhat.com/errata/RHSA-2018:1450(secalert@redhat.com)
https://access.redhat.com/errata/RHSA-2018:1451(secalert@redhat.com)
https://access.redhat.com/errata/RHSA-2018:2927(secalert@redhat.com)
https://access.redhat.com/errata/RHSA-2019:2858(secalert@redhat.com)
https://access.redhat.com/errata/RHSA-2019:3149(secalert@redhat.com)
https://access.redhat.com/errata/RHSA-2019:3892(secalert@redhat.com)
https://github.com/FasterXML/jackson-databind/issues/1680(secalert@redhat.com)
https://github.com/FasterXML/jackson-databind/issues/1737(secalert@redhat.com)
https://lists.apache.org/thread.html/f095a791bda6c0595f691eddd0febb2d396987eec5cbd29120d8c629%40%3Csolr-user.lucene.apache.org%3E(secalert@redhat.com)
https://lists.debian.org/debian-lts-announce/2020/01/msg00037.html(secalert@redhat.com)
https://security.netapp.com/advisory/ntap-20171214-0003/(secalert@redhat.com)
https://www.debian.org/security/2017/dsa-4037(secalert@redhat.com)
https://www.oracle.com/security-alerts/cpuoct2020.html(secalert@redhat.com)
https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html(secalert@redhat.com)
https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html(secalert@redhat.com)
http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html(af854a3a-2127-422b-91ae-364da2661108)
http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html(af854a3a-2127-422b-91ae-364da2661108)
http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html(af854a3a-2127-422b-91ae-364da2661108)
http://www.securityfocus.com/bid/103880(af854a3a-2127-422b-91ae-364da2661108)
http://www.securitytracker.com/id/1039769(af854a3a-2127-422b-91ae-364da2661108)
https://access.redhat.com/errata/RHSA-2017:3189(af854a3a-2127-422b-91ae-364da2661108)
https://access.redhat.com/errata/RHSA-2017:3190(af854a3a-2127-422b-91ae-364da2661108)
https://access.redhat.com/errata/RHSA-2018:0342(af854a3a-2127-422b-91ae-364da2661108)
https://access.redhat.com/errata/RHSA-2018:0478(af854a3a-2127-422b-91ae-364da2661108)
https://access.redhat.com/errata/RHSA-2018:0479(af854a3a-2127-422b-91ae-364da2661108)
https://access.redhat.com/errata/RHSA-2018:0480(af854a3a-2127-422b-91ae-364da2661108)
https://access.redhat.com/errata/RHSA-2018:0481(af854a3a-2127-422b-91ae-364da2661108)
https://access.redhat.com/errata/RHSA-2018:0576(af854a3a-2127-422b-91ae-364da2661108)
https://access.redhat.com/errata/RHSA-2018:0577(af854a3a-2127-422b-91ae-364da2661108)
https://access.redhat.com/errata/RHSA-2018:1447(af854a3a-2127-422b-91ae-364da2661108)
https://access.redhat.com/errata/RHSA-2018:1448(af854a3a-2127-422b-91ae-364da2661108)
https://access.redhat.com/errata/RHSA-2018:1449(af854a3a-2127-422b-91ae-364da2661108)
https://access.redhat.com/errata/RHSA-2018:1450(af854a3a-2127-422b-91ae-364da2661108)
https://access.redhat.com/errata/RHSA-2018:1451(af854a3a-2127-422b-91ae-364da2661108)
https://access.redhat.com/errata/RHSA-2018:2927(af854a3a-2127-422b-91ae-364da2661108)
https://access.redhat.com/errata/RHSA-2019:2858(af854a3a-2127-422b-91ae-364da2661108)
https://access.redhat.com/errata/RHSA-2019:3149(af854a3a-2127-422b-91ae-364da2661108)
https://access.redhat.com/errata/RHSA-2019:3892(af854a3a-2127-422b-91ae-364da2661108)
https://github.com/FasterXML/jackson-databind/issues/1680(af854a3a-2127-422b-91ae-364da2661108)
https://github.com/FasterXML/jackson-databind/issues/1737(af854a3a-2127-422b-91ae-364da2661108)
https://lists.apache.org/thread.html/f095a791bda6c0595f691eddd0febb2d396987eec5cbd29120d8c629%40%3Csolr-user.lucene.apache.org%3E(af854a3a-2127-422b-91ae-364da2661108)
https://lists.debian.org/debian-lts-announce/2020/01/msg00037.html(af854a3a-2127-422b-91ae-364da2661108)
https://security.netapp.com/advisory/ntap-20171214-0003/(af854a3a-2127-422b-91ae-364da2661108)
https://www.debian.org/security/2017/dsa-4037(af854a3a-2127-422b-91ae-364da2661108)
https://www.oracle.com/security-alerts/cpuoct2020.html(af854a3a-2127-422b-91ae-364da2661108)
https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html(af854a3a-2127-422b-91ae-364da2661108)
https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html(af854a3a-2127-422b-91ae-364da2661108)
Correlaciones IOC
Sin correlaciones registradas
This product uses data from the NVD API but is not endorsed or certified by the NVD.