Russian Vulnerability Scanner Database

Back to List

CVE-2017-7525

Scores

EPSS

0.793medium79.3%
0%20%40%60%80%100%

Percentile: 79.3%

CVSS

8.1high3.x
0246810

CVSS Score: 8.1/10

All CVSS Scores

CVSS 3.x
8.1

Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

CVSS 2.0
7.5

Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Description

A deserialization flaw was discovered in the jackson-databind, versions before 2.6.7.1, 2.7.9.1 and 2.8.9, which could allow an unauthenticated user to perform code execution by sending the maliciously crafted input to the readValue method of the ObjectMapper.

Scaner-VS 7 — a modern vulnerability management solution

Uses this database for vulnerability detection. High-speed search, cross-platform, advanced configuration audit, and flexible filtering. Suitable for organizations of any size.
Learn more about Scaner-VS 7

Sources

debiannvdredhatubuntu

CWEs

CWE-184CWE-20

Related Vulnerabilities

BDU:2021-01394

Exploits

Exploit ID: CVE-2017-7525

Source: github-poc

URL: https://github.com/Ingenuity-Fainting-Goats/CVE-2017-7525-Jackson-Deserialization-Lab

Recommendations

Source: nvd

For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://access.redhat.com/articles/11258

URL: https://access.redhat.com/errata/RHSA-2017:3141

Source: nvd

Before applying this update, back up your existing Red Hat JBoss Enterprise Application Platform installation and deployed applications.
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://access.redhat.com/articles/11258

URL: https://access.redhat.com/errata/RHSA-2017:2638

Source: nvd

Before applying this update, back up your existing Red Hat JBoss Enterprise Application Platform installation and deployed applications.
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://access.redhat.com/articles/11258

URL: https://access.redhat.com/errata/RHSA-2017:2637

Source: nvd

Before applying this update, back up your existing Red Hat JBoss Enterprise Application Platform installation and deployed applications.
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://access.redhat.com/articles/11258

URL: https://access.redhat.com/errata/RHSA-2017:2636

Source: nvd

Before applying this update, back up your existing Red Hat JBoss Enterprise Application Platform installation and deployed applications.
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://access.redhat.com/articles/11258

URL: https://access.redhat.com/errata/RHSA-2017:2635

Source: nvd

Before applying this update, back up your existing Red Hat JBoss Enterprise Application Platform installation and deployed applications.
The References section of this erratum contains a download link (you must log in to download the update).

URL: https://access.redhat.com/errata/RHSA-2017:2633

Source: nvd

Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.
It is recommended to halt the server by stopping the JBoss Application Server process before installing this update; after installing the update, restart the server by starting the JBoss Application Server process.
The References section of this erratum contains a download link (you must log in to download the update).

URL: https://access.redhat.com/errata/RHSA-2017:2547

Source: nvd

Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.
It is recommended to halt the server by stopping the JBoss Application Server process before installing this update; after installing the update, restart the server by starting the JBoss Application Server process.
The References section of this erratum contains a download link (you must log in to download the update).

URL: https://access.redhat.com/errata/RHSA-2017:2546

Source: nvd

Before applying the update, back up your existing Red Hat JBoss Data Virtualization installation (including its databases, applications, configuration files, and so on).
Note that it is recommended to halt the Red Hat JBoss Data Virtualization server by stopping the JBoss Application Server process before installing this update, and then after installing the update, restart the Red Hat JBoss Data Virtualization server by starting the JBoss Application Server process.
The References section of this erratum contains a download link (you must log in to download the update).

URL: https://access.redhat.com/errata/RHSA-2017:2477

Source: nvd

For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://access.redhat.com/articles/11258

URL: https://access.redhat.com/errata/RHSA-2017:1840

Source: nvd

For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://access.redhat.com/articles/11258

URL: https://access.redhat.com/errata/RHSA-2017:1839

Vulnerable Software (751)

Type: Configuration

Product: apache-cxf

Operating System: rhel

Trait: 
{  "fixed": "2.7.18-7.SP6_redhat_1.1.ep6.el5"}

Source: redhat

Type: Configuration

Product: apache-cxf

Operating System: rhel

Trait: 
{  "fixed": "2.7.18-7.SP6_redhat_1.1.ep6.el6"}

Source: redhat

Type: Configuration

Product: apache-cxf

Operating System: rhel

Trait: 
{  "fixed": "2.7.18-7.SP6_redhat_1.1.ep6.el7"}

Source: redhat

Type: Configuration

Product: codehaus-jackson

Operating System: rhel

Trait: 
{  "fixed": "1.9.9-11.redhat_5.1.ep6.el5"}

Source: redhat

Type: Configuration

Product: codehaus-jackson

Operating System: rhel

Trait: 
{  "fixed": "1.9.9-12.redhat_6.1.ep6.el5"}

Source: redhat

Type: Configuration

Product: codehaus-jackson

Operating System: rhel

Trait: 
{  "fixed": "1.9.9-11.redhat_5.1.ep6.el6"}

Source: redhat

Type: Configuration

Product: codehaus-jackson

Operating System: rhel

Trait: 
{  "fixed": "1.9.9-12.redhat_6.1.ep6.el6"}

Source: redhat

Type: Configuration

Product: codehaus-jackson

Operating System: rhel

Trait: 
{  "fixed": "1.9.9-11.redhat_5.1.ep6.el7"}

Source: redhat

Type: Configuration

Product: devtoolset-4-jackson-databind

Operating System: rhel

Trait: 
{  "fixed": "2.5.0-2.4.el6"}

Source: redhat

Type: Configuration

Product: devtoolset-4-jackson-databind

Operating System: rhel

Trait: 
{  "fixed": "2.5.0-2.4.el6"}

Source: redhat

Type: Configuration

Product: devtoolset-4-jackson-databind

Operating System: rhel

Trait: 
{  "fixed": "2.5.0-2.4.el7"}

Source: redhat

Type: Configuration

Product: devtoolset-4-jackson-databind

Operating System: rhel

Trait: 
{  "fixed": "2.5.0-2.4.el7"}

Source: redhat

Type: Configuration

Product: eap7-activemq-artemis

Operating System: rhel

Trait: 
{  "fixed": "1.1.0-18.SP21_redhat_1.1.ep7.el6"}

Source: redhat

Type: Configuration

Product: eap7-activemq-artemis

Operating System: rhel

Trait: 
{  "fixed": "1.1.0-18.SP21_redhat_1.1.ep7.el7"}

Source: redhat

Type: Configuration

Product: eap7-activemq-artemis

Operating System: rhel

Trait: 
{  "fixed": "1.5.5.008-1.redhat_1.1.ep7.el6"}

Source: redhat

Type: Configuration

Product: eap7-activemq-artemis

Operating System: rhel

Trait: 
{  "fixed": "1.5.5.008-1.redhat_1.1.ep7.el7"}

Source: redhat

Type: Configuration

Product: eap7-antlr

Operating System: rhel

Trait: 
{  "fixed": "2.7.7-35.redhat_7.1.ep7.el6"}

Source: redhat

Type: Configuration

Product: eap7-antlr

Operating System: rhel

Trait: 
{  "fixed": "2.7.7-35.redhat_7.1.ep7.el7"}

Source: redhat

Type: Configuration

Product: eap7-apache-commons-beanutils

Operating System: rhel

Trait: 
{  "fixed": "1.9.3-1.redhat_1.1.ep7.el6"}

Source: redhat

Type: Configuration

Product: eap7-apache-commons-beanutils

Operating System: rhel

Trait: 
{  "fixed": "1.9.3-1.redhat_1.1.ep7.el7"}

Source: redhat