Lucene search

K

Veracode Vulnerability DatabaseVERACODE:5364

HistoryNov 02, 2017 - 8:36 a.m.

Remote Code Execution (RCE) Through Deserialization

2017-11-0208:36:33

Veracode Vulnerability Database

sca.analysiscenter.veracode.com

17

EPSS

0.493

Percentile

97.6%

Jackson-databind is vulnerable to remote code execution (RCE) attacks. This is a follow-up similar attack of CVE-2017-7525. The attack is still possible because more dangerous classes were added in the later released versions and were not blacklisted.

References

seclists.org/oss-sec/2017/q4/180

www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html

www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html

www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html

www.securityfocus.com/bid/103880

www.securitytracker.com/id/1039769

access.redhat.com/errata/RHSA-2017:3189

access.redhat.com/errata/RHSA-2017:3190

access.redhat.com/errata/RHSA-2018:0342

access.redhat.com/errata/RHSA-2018:0478

access.redhat.com/errata/RHSA-2018:0479

access.redhat.com/errata/RHSA-2018:0480

access.redhat.com/errata/RHSA-2018:0481

access.redhat.com/errata/RHSA-2018:0576

access.redhat.com/errata/RHSA-2018:0577

access.redhat.com/errata/RHSA-2018:1447

access.redhat.com/errata/RHSA-2018:1448

access.redhat.com/errata/RHSA-2018:1449

access.redhat.com/errata/RHSA-2018:1450

access.redhat.com/errata/RHSA-2018:1451

access.redhat.com/errata/RHSA-2018:2927

access.redhat.com/errata/RHSA-2019:2858

access.redhat.com/errata/RHSA-2019:3149

access.redhat.com/errata/RHSA-2019:3892

github.com/FasterXML/jackson-databind/compare/e20bcc877a8149a9c4ecd562209b3b3954b6dda2...ddfddfba

github.com/FasterXML/jackson-databind/issues/1680

github.com/FasterXML/jackson-databind/issues/1737

lists.apache.org/thread.html/f095a791bda6c0595f691eddd0febb2d396987eec5cbd29120d8c629@%3Csolr-user.lucene.apache.org%3E

lists.debian.org/debian-lts-announce/2020/01/msg00037.html

security.netapp.com/advisory/ntap-20171214-0003/

www.debian.org/security/2017/dsa-4037

www.oracle.com/security-alerts/cpuoct2020.html

www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html

www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html

EPSS

0.493

Percentile

97.6%

Related for VERACODE:5364

redhat34 debian8 fedora7 openvas19 github6 nvd6 prion6 nessus37 ubuntucve5 redhatcve6 mageia2 osv18 cve6 debiancve5 veracode11 cvelist6 ubuntu1 checkpoint_advisories1 ibm8 seebug3 huawei1 f51 zdt1 freebsd1