Vulnerability Change Records for CVE-2017-15095

Change History

Modified Analysis 8/21/2019 10:55:23 AM

Action Type Old Value New Value
Added CPE Configuration

								
							
							
						
OR
     *cpe:2.3:a:redhat:jboss_enterprise_application_platform:6.0.0:*:*:*:*:*:*:*
     *cpe:2.3:a:redhat:jboss_enterprise_application_platform:6.4.0:*:*:*:*:*:*:*
     *cpe:2.3:a:redhat:jboss_enterprise_application_platform:7.1.0:*:*:*:*:*:*:*
Changed CPE Configuration
OR
     *cpe:2.3:a:fasterxml:jackson-databind:*:*:*:*:*:*:*:* versions up to (excluding) 2.8.10
     *cpe:2.3:a:fasterxml:jackson-databind:2.9.0:*:*:*:*:*:*:*
OR
     *cpe:2.3:a:fasterxml:jackson-databind:*:*:*:*:*:*:*:* versions from (including) 2.8.0 up to (excluding) 2.8.10
     *cpe:2.3:a:fasterxml:jackson-databind:2.9.0:-:*:*:*:*:*:*
     *cpe:2.3:a:fasterxml:jackson-databind:2.9.0:prerelease1:*:*:*:*:*:*
     *cpe:2.3:a:fasterxml:jackson-databind:2.9.0:prerelease2:*:*:*:*:*:*
     *cpe:2.3:a:fasterxml:jackson-databind:2.9.0:prerelease3:*:*:*:*:*:*
     *cpe:2.3:a:fasterxml:jackson-databind:2.9.0:prerelease4:*:*:*:*:*:*
Changed Reference Type
http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html No Types Assigned
http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html Patch, Third Party Advisory
Changed Reference Type
https://access.redhat.com/errata/RHSA-2018:2927 No Types Assigned
https://access.redhat.com/errata/RHSA-2018:2927 Third Party Advisory
Changed Reference Type
https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html No Types Assigned
https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html Patch, Third Party Advisory
Changed Reference Type
https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html No Types Assigned
https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html Patch, Third Party Advisory

CVE Modified by Red Hat, Inc. 2/07/2018 9:29:01 PM

Action Type Old Value New Value
Added Reference

								
							
							
						
http://www.securitytracker.com/id/1039769 [No Types Assigned]
Added Reference

								
							
							
						
https://access.redhat.com/errata/RHSA-2017:3189 [No Types Assigned]
Added Reference

								
							
							
						
https://access.redhat.com/errata/RHSA-2017:3190 [No Types Assigned]
Added Reference

								
							
							
						
https://security.netapp.com/advisory/ntap-20171214-0003/ [No Types Assigned]
Added Reference

								
							
							
						
https://www.debian.org/security/2017/dsa-4037 [No Types Assigned]

CVE Modified by Red Hat, Inc. 7/18/2018 9:29:06 PM

Action Type Old Value New Value
Added Reference

								
							
							
						
http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html [No Types Assigned]

Reanalysis 9/05/2019 11:53:29 AM

Action Type Old Value New Value
Changed CPE Configuration
OR
     *cpe:2.3:a:fasterxml:jackson-databind:*:*:*:*:*:*:*:* versions from (including) 2.8.0 up to (excluding) 2.8.10
     *cpe:2.3:a:fasterxml:jackson-databind:2.9.0:-:*:*:*:*:*:*
     *cpe:2.3:a:fasterxml:jackson-databind:2.9.0:prerelease1:*:*:*:*:*:*
     *cpe:2.3:a:fasterxml:jackson-databind:2.9.0:prerelease2:*:*:*:*:*:*
     *cpe:2.3:a:fasterxml:jackson-databind:2.9.0:prerelease3:*:*:*:*:*:*
     *cpe:2.3:a:fasterxml:jackson-databind:2.9.0:prerelease4:*:*:*:*:*:*
OR
     *cpe:2.3:a:fasterxml:jackson-databind:*:*:*:*:*:*:*:* versions up to (excluding) 2.7.9.2
     *cpe:2.3:a:fasterxml:jackson-databind:*:*:*:*:*:*:*:* versions from (including) 2.8.0 up to (excluding) 2.8.10
     *cpe:2.3:a:fasterxml:jackson-databind:2.9.0:-:*:*:*:*:*:*
     *cpe:2.3:a:fasterxml:jackson-databind:2.9.0:prerelease1:*:*:*:*:*:*
     *cpe:2.3:a:fasterxml:jackson-databind:2.9.0:prerelease2:*:*:*:*:*:*
     *cpe:2.3:a:fasterxml:jackson-databind:2.9.0:prerelease3:*:*:*:*:*:*
     *cpe:2.3:a:fasterxml:jackson-databind:2.9.0:prerelease4:*:*:*:*:*:*
Added Evaluator Solution

								
							
							
						
\

CVE Modified by Red Hat, Inc. 7/23/2019 7:15:22 PM

Action Type Old Value New Value
Added Reference

								
							
							
						
https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html [No Types Assigned]

CVE Modified by Red Hat, Inc. 10/18/2019 6:15:12 PM

Action Type Old Value New Value
Added Reference

								
							
							
						
https://access.redhat.com/errata/RHSA-2019:3149 [No Types Assigned]

CVE Modified by Red Hat, Inc. 10/17/2018 6:29:11 AM

Action Type Old Value New Value
Added Reference

								
							
							
						
https://access.redhat.com/errata/RHSA-2018:2927 [No Types Assigned]

Modified Analysis 9/11/2018 7:57:23 AM

Action Type Old Value New Value
Added CPE Configuration

								
							
							
						
OR
     *cpe:2.3:a:fasterxml:jackson:*:*:*:*:*:*:*:* versions from (including) 1.0.0 up to (including) 1.9
Changed Reference Type
http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html No Types Assigned
http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html Patch, Third Party Advisory
Changed Reference Type
http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html No Types Assigned
http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html Patch, Third Party Advisory
Changed Reference Type
http://www.securityfocus.com/bid/103880 No Types Assigned
http://www.securityfocus.com/bid/103880 Third Party Advisory, VDB Entry
Changed Reference Type
https://access.redhat.com/errata/RHSA-2018:0478 No Types Assigned
https://access.redhat.com/errata/RHSA-2018:0478 Third Party Advisory
Changed Reference Type
https://access.redhat.com/errata/RHSA-2018:0479 No Types Assigned
https://access.redhat.com/errata/RHSA-2018:0479 Third Party Advisory
Changed Reference Type
https://access.redhat.com/errata/RHSA-2018:0480 No Types Assigned
https://access.redhat.com/errata/RHSA-2018:0480 Third Party Advisory
Changed Reference Type
https://access.redhat.com/errata/RHSA-2018:0481 No Types Assigned
https://access.redhat.com/errata/RHSA-2018:0481 Third Party Advisory
Changed Reference Type
https://access.redhat.com/errata/RHSA-2018:0576 No Types Assigned
https://access.redhat.com/errata/RHSA-2018:0576 Third Party Advisory
Changed Reference Type
https://access.redhat.com/errata/RHSA-2018:0577 No Types Assigned
https://access.redhat.com/errata/RHSA-2018:0577 Third Party Advisory
Changed Reference Type
https://access.redhat.com/errata/RHSA-2018:1447 No Types Assigned
https://access.redhat.com/errata/RHSA-2018:1447 Third Party Advisory
Changed Reference Type
https://access.redhat.com/errata/RHSA-2018:1448 No Types Assigned
https://access.redhat.com/errata/RHSA-2018:1448 Third Party Advisory
Changed Reference Type
https://access.redhat.com/errata/RHSA-2018:1449 No Types Assigned
https://access.redhat.com/errata/RHSA-2018:1449 Third Party Advisory
Changed Reference Type
https://access.redhat.com/errata/RHSA-2018:1450 No Types Assigned
https://access.redhat.com/errata/RHSA-2018:1450 Third Party Advisory
Changed Reference Type
https://access.redhat.com/errata/RHSA-2018:1451 No Types Assigned
https://access.redhat.com/errata/RHSA-2018:1451 Third Party Advisory
Changed Reference Type
https://github.com/FasterXML/jackson-databind/issues/1680 Issue Tracking
https://github.com/FasterXML/jackson-databind/issues/1680 Issue Tracking, Third Party Advisory
Changed Reference Type
https://github.com/FasterXML/jackson-databind/issues/1737 Issue Tracking, Patch
https://github.com/FasterXML/jackson-databind/issues/1737 Issue Tracking, Patch, Third Party Advisory

CVE Modified by Red Hat, Inc. 4/19/2018 9:29:18 PM

Action Type Old Value New Value
Added Reference

								
							
							
						
http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html [No Types Assigned]

CVE Modified by Red Hat, Inc. 3/23/2018 9:29:00 PM

Action Type Old Value New Value
Added Reference

								
							
							
						
https://access.redhat.com/errata/RHSA-2018:0576 [No Types Assigned]
Added Reference

								
							
							
						
https://access.redhat.com/errata/RHSA-2018:0577 [No Types Assigned]

CVE Modified by Red Hat, Inc. 1/31/2020 7:15:10 PM

Action Type Old Value New Value
Added Reference

								
							
							
						
https://lists.debian.org/debian-lts-announce/2020/01/msg00037.html [No Types Assigned]

CVE Modified by Red Hat, Inc. 5/16/2018 9:29:08 PM

Action Type Old Value New Value
Added Reference

								
							
							
						
https://access.redhat.com/errata/RHSA-2018:1447 [No Types Assigned]
Added Reference

								
							
							
						
https://access.redhat.com/errata/RHSA-2018:1448 [No Types Assigned]
Added Reference

								
							
							
						
https://access.redhat.com/errata/RHSA-2018:1449 [No Types Assigned]
Added Reference

								
							
							
						
https://access.redhat.com/errata/RHSA-2018:1450 [No Types Assigned]
Added Reference

								
							
							
						
https://access.redhat.com/errata/RHSA-2018:1451 [No Types Assigned]

CVE Modified by Red Hat, Inc. 3/13/2018 9:29:00 PM

Action Type Old Value New Value
Added Reference

								
							
							
						
https://access.redhat.com/errata/RHSA-2018:0478 [No Types Assigned]
Added Reference

								
							
							
						
https://access.redhat.com/errata/RHSA-2018:0479 [No Types Assigned]
Added Reference

								
							
							
						
https://access.redhat.com/errata/RHSA-2018:0480 [No Types Assigned]
Added Reference

								
							
							
						
https://access.redhat.com/errata/RHSA-2018:0481 [No Types Assigned]

CVE Modified by Red Hat, Inc. 9/26/2019 11:15:11 PM

Action Type Old Value New Value
Added Reference

								
							
							
						
https://access.redhat.com/errata/RHSA-2019:2858 [No Types Assigned]

CVE Modified by Red Hat, Inc. 10/16/2018 9:30:11 PM

Action Type Old Value New Value
Added Reference

								
							
							
						
http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html [No Types Assigned]

CVE Modified by Red Hat, Inc. 10/09/2019 7:24:12 PM

Action Type Old Value New Value
Added CWE

								
							
							
						
Red Hat, Inc. CWE-184

CVE Modified by Red Hat, Inc. 1/16/2019 2:29:13 PM

Action Type Old Value New Value
Added Reference

								
							
							
						
https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html [No Types Assigned]

CVE Modified by Red Hat, Inc. 10/20/2020 6:15:20 PM

Action Type Old Value New Value
Added Reference

								
							
							
						
https://www.oracle.com/security-alerts/cpuoct2020.html [No Types Assigned]

CVE Modified by Red Hat, Inc. 12/19/2019 2:15:13 PM

Action Type Old Value New Value
Added Reference

								
							
							
						
https://lists.apache.org/thread.html/f095a791bda6c0595f691eddd0febb2d396987eec5cbd29120d8c629@%3Csolr-user.lucene.apache.org%3E [No Types Assigned]

CVE Modified by Red Hat, Inc. 11/14/2019 7:15:09 PM

Action Type Old Value New Value
Added Reference

								
							
							
						
https://access.redhat.com/errata/RHSA-2019:3892 [No Types Assigned]

Initial Analysis 3/13/2018 2:18:44 PM

Action Type Old Value New Value
Added CPE Configuration

								
							
							
						
OR
     *cpe:2.3:a:fasterxml:jackson-databind:*:*:*:*:*:*:*:* versions up to (excluding) 2.8.10
     *cpe:2.3:a:fasterxml:jackson-databind:2.9.0:*:*:*:*:*:*:*
Added CPE Configuration

								
							
							
						
OR
     *cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*
     *cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*
Added CVSS V2

								
							
							
						
(AV:N/AC:L/Au:N/C:P/I:P/A:P)
Added CVSS V3

								
							
							
						
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Added CWE

								
							
							
						
CWE-502
Changed Reference Type
http://www.securitytracker.com/id/1039769 No Types Assigned
http://www.securitytracker.com/id/1039769 Third Party Advisory, VDB Entry
Changed Reference Type
https://access.redhat.com/errata/RHSA-2017:3189 No Types Assigned
https://access.redhat.com/errata/RHSA-2017:3189 Third Party Advisory
Changed Reference Type
https://access.redhat.com/errata/RHSA-2017:3190 No Types Assigned
https://access.redhat.com/errata/RHSA-2017:3190 Third Party Advisory
Changed Reference Type
https://access.redhat.com/errata/RHSA-2018:0342 No Types Assigned
https://access.redhat.com/errata/RHSA-2018:0342 Third Party Advisory
Changed Reference Type
https://github.com/FasterXML/jackson-databind/issues/1680 No Types Assigned
https://github.com/FasterXML/jackson-databind/issues/1680 Issue Tracking
Changed Reference Type
https://github.com/FasterXML/jackson-databind/issues/1737 No Types Assigned
https://github.com/FasterXML/jackson-databind/issues/1737 Issue Tracking, Patch
Changed Reference Type
https://security.netapp.com/advisory/ntap-20171214-0003/ No Types Assigned
https://security.netapp.com/advisory/ntap-20171214-0003/ Third Party Advisory
Changed Reference Type
https://www.debian.org/security/2017/dsa-4037 No Types Assigned
https://www.debian.org/security/2017/dsa-4037 Third Party Advisory

CVE Modified by Red Hat, Inc. 4/18/2018 9:29:03 PM

Action Type Old Value New Value
Added Reference

								
							
							
						
http://www.securityfocus.com/bid/103880 [No Types Assigned]

CVE Modified by Red Hat, Inc. 2/23/2018 9:29:01 PM

Action Type Old Value New Value
Added Reference

								
							
							
						
https://access.redhat.com/errata/RHSA-2018:0342 [No Types Assigned]