A deserialization flaw was discovered in the jackson-databind, versions before 2.6.7.1, 2.7.9.1 and 2.8.9, which could allow an unauthenticated user to perform code execution by sending the maliciously crafted input to the readValue method of the ObjectMapper.
References
Link Providers
http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html cve-icon cve-icon
http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html cve-icon cve-icon
http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html cve-icon cve-icon
http://www.securityfocus.com/bid/99623 cve-icon cve-icon
http://www.securitytracker.com/id/1039744 cve-icon cve-icon
http://www.securitytracker.com/id/1039947 cve-icon cve-icon
http://www.securitytracker.com/id/1040360 cve-icon cve-icon
https://access.redhat.com/errata/RHSA-2017:1834 cve-icon cve-icon
https://access.redhat.com/errata/RHSA-2017:1835 cve-icon cve-icon
https://access.redhat.com/errata/RHSA-2017:1836 cve-icon cve-icon
https://access.redhat.com/errata/RHSA-2017:1837 cve-icon cve-icon
https://access.redhat.com/errata/RHSA-2017:1839 cve-icon cve-icon
https://access.redhat.com/errata/RHSA-2017:1840 cve-icon cve-icon
https://access.redhat.com/errata/RHSA-2017:2477 cve-icon cve-icon
https://access.redhat.com/errata/RHSA-2017:2546 cve-icon cve-icon
https://access.redhat.com/errata/RHSA-2017:2547 cve-icon cve-icon
https://access.redhat.com/errata/RHSA-2017:2633 cve-icon cve-icon
https://access.redhat.com/errata/RHSA-2017:2635 cve-icon cve-icon
https://access.redhat.com/errata/RHSA-2017:2636 cve-icon cve-icon
https://access.redhat.com/errata/RHSA-2017:2637 cve-icon cve-icon
https://access.redhat.com/errata/RHSA-2017:2638 cve-icon cve-icon
https://access.redhat.com/errata/RHSA-2017:3141 cve-icon cve-icon
https://access.redhat.com/errata/RHSA-2017:3454 cve-icon cve-icon
https://access.redhat.com/errata/RHSA-2017:3455 cve-icon cve-icon
https://access.redhat.com/errata/RHSA-2017:3456 cve-icon cve-icon
https://access.redhat.com/errata/RHSA-2017:3458 cve-icon cve-icon
https://access.redhat.com/errata/RHSA-2018:0294 cve-icon cve-icon
https://access.redhat.com/errata/RHSA-2018:0342 cve-icon cve-icon
https://access.redhat.com/errata/RHSA-2018:1449 cve-icon cve-icon
https://access.redhat.com/errata/RHSA-2018:1450 cve-icon cve-icon
https://access.redhat.com/errata/RHSA-2019:0910 cve-icon cve-icon
https://access.redhat.com/errata/RHSA-2019:2858 cve-icon cve-icon
https://access.redhat.com/errata/RHSA-2019:3149 cve-icon cve-icon
https://bugzilla.redhat.com/show_bug.cgi?id=1462702 cve-icon cve-icon
https://cwiki.apache.org/confluence/display/WW/S2-055 cve-icon cve-icon
https://github.com/FasterXML/jackson-databind/issues/1599 cve-icon cve-icon
https://github.com/FasterXML/jackson-databind/issues/1723 cve-icon cve-icon
https://lists.apache.org/thread.html/3c87dc8bca99a2b3b4743713b33d1de05b1d6b761fdf316224e9c81f%40%3Cdev.lucene.apache.org%3E cve-icon cve-icon
https://lists.apache.org/thread.html/4641ed8616ccc2c1fbddac2c3dc9900c96387bc226eaf0232d61909b%40%3Ccommits.cassandra.apache.org%3E cve-icon cve-icon
https://lists.apache.org/thread.html/5008bcbd45ee65ce39e4220b6ac53d28a24d6bc67d5804e9773a7399%40%3Csolr-user.lucene.apache.org%3E cve-icon cve-icon
https://lists.apache.org/thread.html/708d94141126eac03011144a971a6411fcac16d9c248d1d535a39451%40%3Csolr-user.lucene.apache.org%3E cve-icon cve-icon
https://lists.apache.org/thread.html/9317fd092b257a0815434b116a8af8daea6e920b6673f4fd5583d5fe%40%3Ccommits.druid.apache.org%3E cve-icon cve-icon
https://lists.apache.org/thread.html/b1f33fe5ade396bb903fdcabe9f243f7692c7dfce5418d3743c2d346%40%3Cdev.lucene.apache.org%3E cve-icon cve-icon
https://lists.apache.org/thread.html/c10a2bf0fdc3d25faf17bd191d6ec46b29a353fa9c97bebd7c4e5913%40%3Cdev.lucene.apache.org%3E cve-icon cve-icon
https://lists.apache.org/thread.html/c2ed4c0126b43e324cf740012a0edd371fd36096fd777be7bfe7a2a6%40%3Cdev.lucene.apache.org%3E cve-icon cve-icon
https://lists.apache.org/thread.html/c9d5ff20929e8a3c8794facf4c4b326a9c10618812eec356caa20b87%40%3Csolr-user.lucene.apache.org%3E cve-icon cve-icon
https://lists.apache.org/thread.html/f095a791bda6c0595f691eddd0febb2d396987eec5cbd29120d8c629%40%3Csolr-user.lucene.apache.org%3E cve-icon cve-icon
https://lists.apache.org/thread.html/f60afd3c7e9ebaaf70fad4a4beb75cf8740ac959017a31e7006c7486%40%3Cdev.lucene.apache.org%3E cve-icon cve-icon
https://lists.apache.org/thread.html/r42ac3e39e6265db12d9fc6ae1cd4b5fea7aed9830dc6f6d58228fed7%40%3Ccommits.cassandra.apache.org%3E cve-icon cve-icon
https://lists.apache.org/thread.html/r68acf97f4526ba59a33cc6e592261ea4f85d890f99e79c82d57dd589%40%3Cissues.spark.apache.org%3E cve-icon cve-icon
https://lists.apache.org/thread.html/rf7f87810c38dc9abf9f93989f76008f504cbf7c1a355214640b2d04c%40%3Ccommits.cassandra.apache.org%3E cve-icon cve-icon
https://lists.debian.org/debian-lts-announce/2020/01/msg00037.html cve-icon cve-icon
https://lists.debian.org/debian-lts-announce/2020/08/msg00039.html cve-icon cve-icon
https://nvd.nist.gov/vuln/detail/CVE-2017-7525 cve-icon
https://security.netapp.com/advisory/ntap-20171214-0002/ cve-icon cve-icon
https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03902en_us cve-icon cve-icon
https://www.cve.org/CVERecord?id=CVE-2017-7525 cve-icon
https://www.debian.org/security/2017/dsa-4004 cve-icon cve-icon
https://www.oracle.com/security-alerts/cpuoct2020.html cve-icon cve-icon
https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html cve-icon cve-icon
https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html cve-icon cve-icon
https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html cve-icon cve-icon
History

Fri, 23 Aug 2024 05:30:00 +0000

Type Values Removed Values Added
CPEs cpe:/a:redhat:jboss_enterprise_application_platform:7.1::el7

cve-icon MITRE

Status: PUBLISHED

Assigner: redhat

Published: 2018-02-06T15:00:00Z

Updated: 2024-09-17T02:21:29.302Z

Reserved: 2017-04-05T00:00:00

Link: CVE-2017-7525

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Modified

Published: 2018-02-06T15:29:00.297

Modified: 2024-11-21T03:32:04.613

Link: CVE-2017-7525

cve-icon Redhat

Severity : Important

Publid Date: 2017-07-14T00:00:00Z

Links: CVE-2017-7525 - Bugzilla