CVE-2017-17485
CRITICAL 9.8
Description
FasterXML jackson-databind through 2.8.10 and 2.9.x through 2.9.3 allows unauthenticated remote code execution because of an incomplete fix for the CVE-2017-7525 deserialization flaw. This is exploitable by sending maliciously crafted JSON input to the readValue method of the ObjectMapper, bypassing a blacklist that is ineffective if the Spring libraries are available in the classpath.
CVE details
CVSS v3.1 score: 9.8
Severity: CRITICAL
CVSS vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Attack vector: NETWORK
Complexity: LOW
Privileges required: NONE
User interaction: NONE
Published: 1/10/2018
Last modified: 8/27/2025
Source: nvd
Honeypot sightings: 0
Affected products
debian:debian_linux
fasterxml:jackson-databind
netapp:e-series_santricity_os_controller
netapp:e-series_santricity_web_services_proxy
netapp:oncommand_shift
netapp:snapcenter
redhat:enterprise_linux_server
redhat:jboss_enterprise_application_platform
redhat:openshift_container_platform
Weaknesses (CWE)
CWE-502
References
http://www.securityfocus.com/archive/1/541652/100/0/threaded (cve@mitre.org)
https://access.redhat.com/errata/RHSA-2018:0116 (cve@mitre.org)
https://access.redhat.com/errata/RHSA-2018:0342 (cve@mitre.org)
https://access.redhat.com/errata/RHSA-2018:0478 (cve@mitre.org)
https://access.redhat.com/errata/RHSA-2018:0479 (cve@mitre.org)
https://access.redhat.com/errata/RHSA-2018:0480 (cve@mitre.org)
https://access.redhat.com/errata/RHSA-2018:0481 (cve@mitre.org)
https://access.redhat.com/errata/RHSA-2018:1447 (cve@mitre.org)
https://access.redhat.com/errata/RHSA-2018:1448 (cve@mitre.org)
https://access.redhat.com/errata/RHSA-2018:1449 (cve@mitre.org)
https://access.redhat.com/errata/RHSA-2018:1450 (cve@mitre.org)
https://access.redhat.com/errata/RHSA-2018:1451 (cve@mitre.org)
https://access.redhat.com/errata/RHSA-2018:2930 (cve@mitre.org)
https://access.redhat.com/errata/RHSA-2019:1782 (cve@mitre.org)
https://access.redhat.com/errata/RHSA-2019:1797 (cve@mitre.org)
https://access.redhat.com/errata/RHSA-2019:2858 (cve@mitre.org)
https://access.redhat.com/errata/RHSA-2019:3149 (cve@mitre.org)
https://access.redhat.com/errata/RHSA-2019:3892 (cve@mitre.org)
https://github.com/FasterXML/jackson-databind/issues/1855 (cve@mitre.org)
https://github.com/irsl/jackson-rce-via-spel/ (cve@mitre.org)
https://security.netapp.com/advisory/ntap-20180201-0003/ (cve@mitre.org)
https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03902en_us (cve@mitre.org)
https://www.debian.org/security/2018/dsa-4114 (cve@mitre.org)
https://www.oracle.com/security-alerts/cpuoct2020.html (cve@mitre.org)
IOC correlations
No correlations recorded
This product uses data from the NVD API but is not endorsed or certified by the NVD.