← Voltar para CVEs
CVE-2017-15095
CRITICAL9.8
Descricao
A deserialization flaw was discovered in the jackson-databind in versions before 2.8.10 and 2.9.1, which could allow an unauthenticated user to perform code execution by sending the maliciously crafted input to the readValue method of the ObjectMapper. This issue extends the previous flaw CVE-2017-7525 by blacklisting more classes that could be used maliciously.
Detalhes CVE
Pontuacao CVSS v3.19.8
SeveridadeCRITICAL
Vetor CVSSCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Vetor de ataqueNETWORK
ComplexidadeLOW
Privilegios necessariosNONE
Interacao do usuarioNONE
Publicado2/6/2018
Ultima modificacao11/21/2024
Fontenvd
Avistamentos honeypot0
Produtos afetados
debian:debian_linuxfasterxml:jackson-databindnetapp:oncommand_balancenetapp:oncommand_performance_managernetapp:oncommand_shiftnetapp:snapcenteroracle:banking_platformoracle:clusterwareoracle:communications_billing_and_revenue_managementoracle:communications_diameter_signaling_routeroracle:communications_instant_messaging_serveroracle:database_serveroracle:enterprise_manager_for_virtualizationoracle:financial_services_analytical_applications_infrastructureoracle:global_lifecycle_management_opatchautooracle:identity_manageroracle:jd_edwards_enterpriseone_toolsoracle:primavera_unifieroracle:utilities_advanced_spatial_and_operational_analyticsoracle:webcenter_portalredhat:enterprise_linuxredhat:jboss_enterprise_application_platformredhat:openshift_container_platformredhat:satelliteredhat:satellite_capsule
Fraquezas (CWE)
CWE-184CWE-502
Referencias
http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html(secalert@redhat.com)
http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html(secalert@redhat.com)
http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html(secalert@redhat.com)
http://www.securityfocus.com/bid/103880(secalert@redhat.com)
http://www.securitytracker.com/id/1039769(secalert@redhat.com)
https://access.redhat.com/errata/RHSA-2017:3189(secalert@redhat.com)
https://access.redhat.com/errata/RHSA-2017:3190(secalert@redhat.com)
https://access.redhat.com/errata/RHSA-2018:0342(secalert@redhat.com)
https://access.redhat.com/errata/RHSA-2018:0478(secalert@redhat.com)
https://access.redhat.com/errata/RHSA-2018:0479(secalert@redhat.com)
https://access.redhat.com/errata/RHSA-2018:0480(secalert@redhat.com)
https://access.redhat.com/errata/RHSA-2018:0481(secalert@redhat.com)
https://access.redhat.com/errata/RHSA-2018:0576(secalert@redhat.com)
https://access.redhat.com/errata/RHSA-2018:0577(secalert@redhat.com)
https://access.redhat.com/errata/RHSA-2018:1447(secalert@redhat.com)
https://access.redhat.com/errata/RHSA-2018:1448(secalert@redhat.com)
https://access.redhat.com/errata/RHSA-2018:1449(secalert@redhat.com)
https://access.redhat.com/errata/RHSA-2018:1450(secalert@redhat.com)
https://access.redhat.com/errata/RHSA-2018:1451(secalert@redhat.com)
https://access.redhat.com/errata/RHSA-2018:2927(secalert@redhat.com)
https://access.redhat.com/errata/RHSA-2019:2858(secalert@redhat.com)
https://access.redhat.com/errata/RHSA-2019:3149(secalert@redhat.com)
https://access.redhat.com/errata/RHSA-2019:3892(secalert@redhat.com)
https://github.com/FasterXML/jackson-databind/issues/1680(secalert@redhat.com)
https://github.com/FasterXML/jackson-databind/issues/1737(secalert@redhat.com)
https://lists.apache.org/thread.html/f095a791bda6c0595f691eddd0febb2d396987eec5cbd29120d8c629%40%3Csolr-user.lucene.apache.org%3E(secalert@redhat.com)
https://lists.debian.org/debian-lts-announce/2020/01/msg00037.html(secalert@redhat.com)
https://security.netapp.com/advisory/ntap-20171214-0003/(secalert@redhat.com)
https://www.debian.org/security/2017/dsa-4037(secalert@redhat.com)
https://www.oracle.com/security-alerts/cpuoct2020.html(secalert@redhat.com)
https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html(secalert@redhat.com)
https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html(secalert@redhat.com)
http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html(af854a3a-2127-422b-91ae-364da2661108)
http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html(af854a3a-2127-422b-91ae-364da2661108)
http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html(af854a3a-2127-422b-91ae-364da2661108)
http://www.securityfocus.com/bid/103880(af854a3a-2127-422b-91ae-364da2661108)
http://www.securitytracker.com/id/1039769(af854a3a-2127-422b-91ae-364da2661108)
https://access.redhat.com/errata/RHSA-2017:3189(af854a3a-2127-422b-91ae-364da2661108)
https://access.redhat.com/errata/RHSA-2017:3190(af854a3a-2127-422b-91ae-364da2661108)
https://access.redhat.com/errata/RHSA-2018:0342(af854a3a-2127-422b-91ae-364da2661108)
https://access.redhat.com/errata/RHSA-2018:0478(af854a3a-2127-422b-91ae-364da2661108)
https://access.redhat.com/errata/RHSA-2018:0479(af854a3a-2127-422b-91ae-364da2661108)
https://access.redhat.com/errata/RHSA-2018:0480(af854a3a-2127-422b-91ae-364da2661108)
https://access.redhat.com/errata/RHSA-2018:0481(af854a3a-2127-422b-91ae-364da2661108)
https://access.redhat.com/errata/RHSA-2018:0576(af854a3a-2127-422b-91ae-364da2661108)
https://access.redhat.com/errata/RHSA-2018:0577(af854a3a-2127-422b-91ae-364da2661108)
https://access.redhat.com/errata/RHSA-2018:1447(af854a3a-2127-422b-91ae-364da2661108)
https://access.redhat.com/errata/RHSA-2018:1448(af854a3a-2127-422b-91ae-364da2661108)
https://access.redhat.com/errata/RHSA-2018:1449(af854a3a-2127-422b-91ae-364da2661108)
https://access.redhat.com/errata/RHSA-2018:1450(af854a3a-2127-422b-91ae-364da2661108)
https://access.redhat.com/errata/RHSA-2018:1451(af854a3a-2127-422b-91ae-364da2661108)
https://access.redhat.com/errata/RHSA-2018:2927(af854a3a-2127-422b-91ae-364da2661108)
https://access.redhat.com/errata/RHSA-2019:2858(af854a3a-2127-422b-91ae-364da2661108)
https://access.redhat.com/errata/RHSA-2019:3149(af854a3a-2127-422b-91ae-364da2661108)
https://access.redhat.com/errata/RHSA-2019:3892(af854a3a-2127-422b-91ae-364da2661108)
https://github.com/FasterXML/jackson-databind/issues/1680(af854a3a-2127-422b-91ae-364da2661108)
https://github.com/FasterXML/jackson-databind/issues/1737(af854a3a-2127-422b-91ae-364da2661108)
https://lists.apache.org/thread.html/f095a791bda6c0595f691eddd0febb2d396987eec5cbd29120d8c629%40%3Csolr-user.lucene.apache.org%3E(af854a3a-2127-422b-91ae-364da2661108)
https://lists.debian.org/debian-lts-announce/2020/01/msg00037.html(af854a3a-2127-422b-91ae-364da2661108)
https://security.netapp.com/advisory/ntap-20171214-0003/(af854a3a-2127-422b-91ae-364da2661108)
https://www.debian.org/security/2017/dsa-4037(af854a3a-2127-422b-91ae-364da2661108)
https://www.oracle.com/security-alerts/cpuoct2020.html(af854a3a-2127-422b-91ae-364da2661108)
https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html(af854a3a-2127-422b-91ae-364da2661108)
https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html(af854a3a-2127-422b-91ae-364da2661108)
Correlacoes IOC
Sem correlacoes registradas
This product uses data from the NVD API but is not endorsed or certified by the NVD.