Lucene search

RedhatCVELIST:CVE-2017-7525

HistoryFeb 06, 2018 - 3:00 p.m.

CVE-2017-7525

2018-02-0615:00:00

CWE-184

redhat

www.cve.org

AI Score

9.4

Confidence

High

EPSS

0.493

Percentile

97.6%

JSON

A deserialization flaw was discovered in the jackson-databind, versions before 2.6.7.1, 2.7.9.1 and 2.8.9, which could allow an unauthenticated user to perform code execution by sending the maliciously crafted input to the readValue method of the ObjectMapper.

CNA Affected

[
  {
    "product": "jackson-databind",
    "vendor": "FasterXML",
    "versions": [
      {
        "status": "affected",
        "version": "before 2.6.7.1"
      },
      {
        "status": "affected",
        "version": "before 2.7.9.1"
      },
      {
        "status": "affected",
        "version": "before 2.8.9"
      }
    ]
  }
]

References

www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html

www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html

www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html

www.securityfocus.com/bid/99623

www.securitytracker.com/id/1039744

www.securitytracker.com/id/1039947

www.securitytracker.com/id/1040360

access.redhat.com/errata/RHSA-2017:1834

access.redhat.com/errata/RHSA-2017:1835

access.redhat.com/errata/RHSA-2017:1836

access.redhat.com/errata/RHSA-2017:1837

access.redhat.com/errata/RHSA-2017:1839

access.redhat.com/errata/RHSA-2017:1840

access.redhat.com/errata/RHSA-2017:2477

access.redhat.com/errata/RHSA-2017:2546

access.redhat.com/errata/RHSA-2017:2547

access.redhat.com/errata/RHSA-2017:2633

access.redhat.com/errata/RHSA-2017:2635

access.redhat.com/errata/RHSA-2017:2636

access.redhat.com/errata/RHSA-2017:2637

access.redhat.com/errata/RHSA-2017:2638

access.redhat.com/errata/RHSA-2017:3141

access.redhat.com/errata/RHSA-2017:3454

access.redhat.com/errata/RHSA-2017:3455

access.redhat.com/errata/RHSA-2017:3456

access.redhat.com/errata/RHSA-2017:3458

access.redhat.com/errata/RHSA-2018:0294

access.redhat.com/errata/RHSA-2018:0342

access.redhat.com/errata/RHSA-2018:1449

access.redhat.com/errata/RHSA-2018:1450

access.redhat.com/errata/RHSA-2019:0910

access.redhat.com/errata/RHSA-2019:2858

access.redhat.com/errata/RHSA-2019:3149

bugzilla.redhat.com/show_bug.cgi?id=1462702

cwiki.apache.org/confluence/display/WW/S2-055

github.com/FasterXML/jackson-databind/issues/1599

github.com/FasterXML/jackson-databind/issues/1723

lists.apache.org/thread.html/3c87dc8bca99a2b3b4743713b33d1de05b1d6b761fdf316224e9c81f%40%3Cdev.lucene.apache.org%3E

lists.apache.org/thread.html/4641ed8616ccc2c1fbddac2c3dc9900c96387bc226eaf0232d61909b%40%3Ccommits.cassandra.apache.org%3E

lists.apache.org/thread.html/5008bcbd45ee65ce39e4220b6ac53d28a24d6bc67d5804e9773a7399%40%3Csolr-user.lucene.apache.org%3E

lists.apache.org/thread.html/708d94141126eac03011144a971a6411fcac16d9c248d1d535a39451%40%3Csolr-user.lucene.apache.org%3E

lists.apache.org/thread.html/9317fd092b257a0815434b116a8af8daea6e920b6673f4fd5583d5fe%40%3Ccommits.druid.apache.org%3E

lists.apache.org/thread.html/b1f33fe5ade396bb903fdcabe9f243f7692c7dfce5418d3743c2d346%40%3Cdev.lucene.apache.org%3E

lists.apache.org/thread.html/c10a2bf0fdc3d25faf17bd191d6ec46b29a353fa9c97bebd7c4e5913%40%3Cdev.lucene.apache.org%3E

lists.apache.org/thread.html/c2ed4c0126b43e324cf740012a0edd371fd36096fd777be7bfe7a2a6%40%3Cdev.lucene.apache.org%3E

lists.apache.org/thread.html/c9d5ff20929e8a3c8794facf4c4b326a9c10618812eec356caa20b87%40%3Csolr-user.lucene.apache.org%3E

lists.apache.org/thread.html/f095a791bda6c0595f691eddd0febb2d396987eec5cbd29120d8c629%40%3Csolr-user.lucene.apache.org%3E

lists.apache.org/thread.html/f60afd3c7e9ebaaf70fad4a4beb75cf8740ac959017a31e7006c7486%40%3Cdev.lucene.apache.org%3E

lists.apache.org/thread.html/r42ac3e39e6265db12d9fc6ae1cd4b5fea7aed9830dc6f6d58228fed7%40%3Ccommits.cassandra.apache.org%3E

lists.apache.org/thread.html/r68acf97f4526ba59a33cc6e592261ea4f85d890f99e79c82d57dd589%40%3Cissues.spark.apache.org%3E

lists.apache.org/thread.html/rf7f87810c38dc9abf9f93989f76008f504cbf7c1a355214640b2d04c%40%3Ccommits.cassandra.apache.org%3E

lists.debian.org/debian-lts-announce/2020/01/msg00037.html

lists.debian.org/debian-lts-announce/2020/08/msg00039.html

security.netapp.com/advisory/ntap-20171214-0002/

support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03902en_us

www.debian.org/security/2017/dsa-4004

www.oracle.com/security-alerts/cpuoct2020.html

www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html

www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html

www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html