CVE-2017-17485

Published: 10/01/2018 Updated: 08/06/2023
CVSS v2 Base Score: 7.5 | Impact Score: 6.4 | Exploitability Score: 10
CVSS v3 Base Score: 9.8 | Impact Score: 5.9 | Exploitability Score: 3.9
VMScore: 670
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Vulnerability Summary

FasterXML jackson-databind up to and including 2.8.10 and 2.9.x up to and including 2.9.3 allows unauthenticated remote code execution because of an incomplete fix for the CVE-2017-7525 deserialization flaw. This is exploitable by sending maliciously crafted JSON input to the readValue method of the ObjectMapper, bypassing a blacklist that is ineffective if the Spring libraries are available in the classpath.

Vulnerable Products

fasterxml jackson-databind
debian linux 8.0
debian linux 9.0
redhat jboss enterprise application platform 6.0.0
redhat jboss enterprise application platform 6.4.0
redhat jboss enterprise application platform 7.1
redhat openshift container platform 4.1
redhat openshift container platform 3.11
netapp snapcenter
netapp e-series santricity web services proxy
netapp e-series santricity os controller
netapp oncommand shift

Vendor Advisories

It was discovered that jackson-databind, a Java library used to parse JSON and other data formats, did not properly validate user input before attempting deserialization. This allowed an attacker to perform code execution by providing maliciously crafted input. For the oldstable distribution (jessie), these problems have been fixed in version 2.4.2 ...
Debian Bug report logs - #888318 jackson-databind: CVE-2017-17485. Package: src:jackson-databind; Maintainer for src:jackson-databind is Debian Java Maintainers <pkg-java-maintainers@lists.alioth.debian.org>; Reported by: Salvatore Bonaccorso <carnil@debian.org>; Date: Wed, 24 Jan 2018 22:12:05 UTC; Severity: grave; Tags ...
Debian Bug report logs - #888316 jackson-databind: CVE-2018-5968. Package: src:jackson-databind; Maintainer for src:jackson-databind is Debian Java Maintainers <pkg-java-maintainers@lists.alioth.debian.org>; Reported by: Salvatore Bonaccorso <carnil@debian.org>; Date: Wed, 24 Jan 2018 22:06:02 UTC; Severity: grave; Tags: ...
Synopsis: Important: Red Hat JBoss BRMS 6.4.12 security update. Type/Severity: Security Advisory: Important. Topic: An update is now available for Red Hat JBoss BRMS. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, w ...
Synopsis: Important: Red Hat JBoss Enterprise Application Platform 6.4.20 security update. Type/Severity: Security Advisory: Important. Topic: An update is now available for Red Hat JBoss Enterprise Application Platform 6.4 for Red Hat Enterprise Linux 5. Red Hat Product Security has rated this update as having a ...
Synopsis: Important: jboss-ec2-eap package for EAP 7.1.1. Type/Severity: Security Advisory: Important. Topic: An update for eap7-jboss-ec2-eap is now available for Red Hat JBoss Enterprise Application Platform 7.1.1 for Red Hat Enterprise Linux 6 and Red Hat JBoss Enterprise Application Platform 7.1.1 for Red Ha ...
Synopsis: Important: JBoss Enterprise Application Platform 7.1.1 on RHEL 6. Type/Severity: Security Advisory: Important. Topic: An update is now available for Red Hat JBoss Enterprise Application Platform 7.1 for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having a security impac ...
Synopsis: Important: JBoss Enterprise Application Platform 7.1.1 for RHEL 7. Type/Severity: Security Advisory: Important. Topic: An update is now available for Red Hat JBoss Enterprise Application Platform 7.1 for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impa ...
Synopsis: Important: OpenShift Container Platform logging-elasticsearch5-container security update. Type/Severity: Security Advisory: Important. Topic: An update for logging-elasticsearch5-container is now available for Red Hat OpenShift Container Platform 3.11. Red Hat Product Security has rated this update as h ...
Synopsis: Important: Red Hat JBoss Enterprise Application Platform 6.4.20 security update. Type/Severity: Security Advisory: Important. Topic: An update is now available for Red Hat JBoss Enterprise Application Platform 6.4 for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having a ...
Synopsis: Important: rhvm-appliance security and enhancement update. Type/Severity: Security Advisory: Important. Topic: An update for rhvm-appliance is now available for Red Hat Virtualization 4 for RHEL-7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerab ...
Synopsis: Important: rh-maven35-jackson-databind security update. Type/Severity: Security Advisory: Important. Topic: An update for rh-maven35-jackson-databind is now available for Red Hat Software Collections. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulne ...
Synopsis: Important: Red Hat JBoss Enterprise Application Platform 7.1.1 security update. Type/Severity: Security Advisory: Important. Topic: An update is now available for Red Hat JBoss Enterprise Application Platform. Red Hat Product Security has rated this update as having a security impact of Important. A Com ...
Synopsis: Important: Red Hat Fuse 7.5.0 security update. Type/Severity: Security Advisory: Important. Topic: A minor version update (from 7.4 to 7.5) is now available for Red Hat Fuse. The purpose of this text-only errata is to inform you about the security issues fixed in this release. Red Hat Product Security h ...
Synopsis: Important: eap6-jboss-ec2-eap security update. Type/Severity: Security Advisory: Important. Topic: An update for jboss-ec2-eap is now available for Red Hat JBoss Enterprise Application Platform 6.4 for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having a security impact ...
Synopsis: Important: Red Hat JBoss Enterprise Application Platform 6.4.20 security update. Type/Severity: Security Advisory: Important. Topic: Updated packages that provide Red Hat JBoss Enterprise Application Platform 6.4.20, fix several bugs, and add various enhancements are now available from the Red Hat Cu ...
Synopsis: Important: Red Hat JBoss BPM Suite 6.4.12 security update. Type/Severity: Security Advisory: Important. Topic: An update is now available for Red Hat JBoss BPM Suite. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) bas ...
Synopsis: Important: Red Hat JBoss Operations Network 3.3.11 security and bug fix update. Type/Severity: Security Advisory: Important. Topic: An update is now available for Red Hat JBoss Operations Network. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerabi ...
Synopsis: Important: rh-eclipse46-jackson-databind security update. Type/Severity: Security Advisory: Important. Topic: An update for rh-eclipse46-jackson-databind is now available for Red Hat Software Collections. Red Hat Product Security has rated this update as having a security impact of Important. A Common V ...
Synopsis: Important: Red Hat JBoss Enterprise Application Platform 6.4.20 security update. Type/Severity: Security Advisory: Important. Topic: An update is now available for Red Hat JBoss Enterprise Application Platform 6.4 for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a ...
Synopsis: Important: OpenShift Container Platform 4.1.18 logging-elasticsearch5 security update. Type/Severity: Security Advisory: Important. Topic: An update for logging-elasticsearch5-container is now available for Red Hat OpenShift Container Platform 4.1. Red Hat Product Security has rated this update as havin ...
A deserialization flaw was discovered in jackson-databind which could allow an unauthenticated user to perform code execution by sending maliciously crafted input to the readValue method of ObjectMapper. This issue extends upon the previous flaws CVE-2017-7525 and CVE-2017-15095 by blacklisting more classes that could be used maliciously ...

Github Repositories

Jackson deserialization. Vulnerability description: CVE-2017-7525. CVE-2017-7525 details: github.com/iBearcat/S2-055. After the vulnerability appeared, the maintainers used a blacklist to block the code-execution issue arising from deserialization of the third-party library classes on that list. A blacklist is an unreliable way of fixing this: attackers can often find a way around the blacklist, which produces new vulnerabilities. One could say that S2-055

CVE-2017-17485:Jackson-databind RCE


Package: $ sbt stage; $ file ./target/helloshiftleft-play-jpa-scala-0.0.1-SNAPSHOT.jar. Run: $ sbt run. Http routes: see routes at config/routes. Use localhost as host name in the URLs. To interact with the endpoints use curl (or any other tool): GET /account; GET /createCustomer; POST /account. curl localhos

An example project that exploits the default typing issue in Jackson-databind via Spring application contexts and expressions

jackson-rce-via-spel: An example project that exploits the default typing issue in Jackson-databind (github.com/FasterXML/jackson-databind) via Spring application contexts and expressions. Context: The Jackson-databind project has a feature called default-typing (not enabled by default). When the target class has some polymorphic fields inside (such as interfaces, abstract c

vulnerable play app

Package: $ sbt stage; $ file ./target/helloshiftleftplay-0.0.0-SNAPSHOT.jar. Run: $ sbt run. Http routes: see routes at config/routes. Use localhost as host name in the URLs. To interact with the endpoints use curl (or any other tool): GET /account; GET /createCustomer; POST /account. curl localhost:8082

jackson-databind-POC: examples of vulnerable code and examples of false positives. First, a few examples that white-box detection flags as vulnerable. Source: github.com/find-sec-bugs/find-sec-bugs/blob/master/findsecbugs-samples-java/src/test/java/testcode/serial/UnsafeJacksonObjectDeserialization.java: public class UnsafeJacksonObjectDeserialization { static class ABean { public int id; public O

Demo for CVE-2017-7525

Demo-Exploit-Jackson-RCE: This project serves as an example web application to test an attack on the Jackson-databind vulnerability CVE-2017-17485. Build: build and package Spring Boot and Angular 7 into a deployable war file: mvn package. Run (which automatically opens a web browser at localhost:4200): backend/mvn spring-boot:run. Demo

spel.xml
