National Vulnerability Database

CVE-2017-7525 Detail

Description

A deserialization flaw was discovered in jackson-databind, in versions before 2.6.7.1, 2.7.9.1 and 2.8.9, which could allow an unauthenticated user to perform code execution by sending maliciously crafted input to the readValue method of the ObjectMapper.

Source: MITRE
Last Modified: 02/06/2018

Quick Info

CVE Dictionary Entry: CVE-2017-7525
Original release date: 02/06/2018
Last revised: 02/23/2018
Source: US-CERT/NIST

References to Advisories, Solutions, and Tools

Hyperlink | Resource Type | Source | Name
http://www.securityfocus.com/bid/99623 | External Source | BID | 99623
http://www.securitytracker.com/id/1039744 | External Source | SECTRACK | 1039744
http://www.securitytracker.com/id/1039947 | External Source | SECTRACK | 1039947
http://www.securitytracker.com/id/1040360 | External Source | SECTRACK | 1040360
https://access.redhat.com/errata/RHSA-2017:1834 | External Source | REDHAT | RHSA-2017:1834
https://access.redhat.com/errata/RHSA-2017:1835 | External Source | REDHAT | RHSA-2017:1835
https://access.redhat.com/errata/RHSA-2017:1836 | External Source | REDHAT | RHSA-2017:1836
https://access.redhat.com/errata/RHSA-2017:1837 | External Source | REDHAT | RHSA-2017:1837
https://access.redhat.com/errata/RHSA-2017:1839 | External Source | REDHAT | RHSA-2017:1839
https://access.redhat.com/errata/RHSA-2017:1840 | External Source | REDHAT | RHSA-2017:1840
https://access.redhat.com/errata/RHSA-2017:2477 | External Source | REDHAT | RHSA-2017:2477
https://access.redhat.com/errata/RHSA-2017:2546 | External Source | REDHAT | RHSA-2017:2546
https://access.redhat.com/errata/RHSA-2017:2547 | External Source | REDHAT | RHSA-2017:2547
https://access.redhat.com/errata/RHSA-2017:2633 | External Source | REDHAT | RHSA-2017:2633
https://access.redhat.com/errata/RHSA-2017:2635 | External Source | REDHAT | RHSA-2017:2635
https://access.redhat.com/errata/RHSA-2017:2636 | External Source | REDHAT | RHSA-2017:2636
https://access.redhat.com/errata/RHSA-2017:2637 | External Source | REDHAT | RHSA-2017:2637
https://access.redhat.com/errata/RHSA-2017:2638 | External Source | REDHAT | RHSA-2017:2638
https://access.redhat.com/errata/RHSA-2017:3141 | External Source | REDHAT | RHSA-2017:3141
https://access.redhat.com/errata/RHSA-2017:3454 | External Source | REDHAT | RHSA-2017:3454
https://access.redhat.com/errata/RHSA-2017:3455 | External Source | REDHAT | RHSA-2017:3455
https://access.redhat.com/errata/RHSA-2017:3456 | External Source | REDHAT | RHSA-2017:3456
https://access.redhat.com/errata/RHSA-2017:3458 | External Source | REDHAT | RHSA-2017:3458
https://access.redhat.com/errata/RHSA-2018:0294 | External Source | REDHAT | RHSA-2018:0294
https://access.redhat.com/errata/RHSA-2018:0342 | External Source | REDHAT | RHSA-2018:0342
https://bugzilla.redhat.com/show_bug.cgi?id=1462702 | External Source | CONFIRM | https://bugzilla.redhat.com/show_bug.cgi?id=1462702
https://cwiki.apache.org/confluence/display/WW/S2-055 | External Source | CONFIRM | https://cwiki.apache.org/confluence/display/WW/S2-055
https://github.com/FasterXML/jackson-databind/issues/1599 | External Source | CONFIRM | https://github.com/FasterXML/jackson-databind/issues/1599
https://github.com/FasterXML/jackson-databind/issues/1723 | External Source | CONFIRM | https://github.com/FasterXML/jackson-databind/issues/1723
https://security.netapp.com/advisory/ntap-20171214-0002/ | External Source | CONFIRM | https://security.netapp.com/advisory/ntap-20171214-0002/
https://www.debian.org/security/2017/dsa-4004 | External Source | DEBIAN | DSA-4004

Technical Details

Vulnerability Type

Change History: 5 change records found