CVE-2017-7525

Current Description

A deserialization flaw was discovered in jackson-databind, versions before 2.6.7.1, 2.7.9.1 and 2.8.9, which could allow an unauthenticated user to perform code execution by sending maliciously crafted input to the readValue method of the ObjectMapper. The flaw is reachable only where the application has enabled polymorphic type handling (enableDefaultTyping, or a class-name based @JsonTypeInfo on the target type), so that the JSON itself names the class Jackson instantiates; with that setting on, the class named in the input is resolved and constructed before any application code sees the object, and classes whose constructors or setters have side effects ("gadgets") turn the parse into code execution. The fixed versions add a deny-list of known gadget classes rather than removing the mechanism, which is why several of the CVEs that reference this entry track further gadget classes. Practitioners triaging this CVE should therefore check two things: the jackson-databind version against the ranges in the Configurations section, and whether the code base enables default typing or class-name type ids at all.
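The following is an added illustration, not code from the jackson-databind project or from any of the advisories referenced on this page. It puts the vulnerable configuration (global default typing, which is what makes the class name in the input authoritative) beside two hardened ones: default typing left off, and, for code that genuinely needs polymorphism, default typing gated by an explicit allow-list. The class names Envelope, Greeting and the three mapper factory methods are hypothetical; the JSON inputs are constructed for the demo. It assumes jackson-databind 2.10 or later on the classpath, because the PolymorphicTypeValidator API used for the allow-list was introduced in 2.10 (the fixed versions named in this CVE, 2.6.7.1/2.7.9.1/2.8.9, only added a deny-list of known gadget classes). No gadget class is named here; a harmless application class is enough to show that the input, not the code, chooses what gets instantiated.

```java
import com.fasterxml.jackson.databind.JsonMappingException;
import com.fasterxml.jackson.databind.ObjectMapper;
import com.fasterxml.jackson.databind.jsontype.BasicPolymorphicTypeValidator;
import com.fasterxml.jackson.databind.jsontype.PolymorphicTypeValidator;

// Added demo (hypothetical names), not jackson-databind project code.
// Needs jackson-databind 2.10+ (PolymorphicTypeValidator); enableDefaultTyping()
// still compiles there with a deprecation warning.
public class DefaultTypingDemo {

    // Application type with an Object-typed property. Under default typing this
    // is exactly the kind of property whose concrete class comes from the JSON.
    public static class Envelope {
        public Object payload;
    }

    // Harmless application class. With default typing on, the input may name
    // this class, or any other instantiable class on the classpath.
    public static class Greeting {
        public String text;
    }

    // Vulnerable: global default typing. Every Object-, abstract- or
    // interface-typed property now accepts ["fully.qualified.Class", {...}].
    static ObjectMapper vulnerableMapper() {
        ObjectMapper mapper = new ObjectMapper();
        mapper.enableDefaultTyping();   // the precondition for CVE-2017-7525
        return mapper;
    }

    // Hardened: default typing stays off. The validator is a second line of
    // defense for any @JsonTypeInfo(use = CLASS) types left in the code base.
    static ObjectMapper hardenedMapper() {
        PolymorphicTypeValidator ptv = BasicPolymorphicTypeValidator.builder()
                .allowIfSubType(Greeting.class)
                .build();
        ObjectMapper mapper = new ObjectMapper();
        mapper.setPolymorphicTypeValidator(ptv);
        return mapper;
    }

    // Allow-listed default typing for code that genuinely needs it: the
    // validator runs before Jackson resolves the class named in the input.
    static ObjectMapper allowListedDefaultTypingMapper() {
        PolymorphicTypeValidator ptv = BasicPolymorphicTypeValidator.builder()
                .allowIfSubType(Greeting.class)
                .build();
        ObjectMapper mapper = new ObjectMapper();
        mapper.activateDefaultTyping(ptv, ObjectMapper.DefaultTyping.OBJECT_AND_NON_CONCRETE);
        return mapper;
    }

    public static void main(String[] args) throws Exception {
        // Constructed input: the sender names the class to instantiate.
        String chosen = "{\"payload\":[\"" + Greeting.class.getName()
                + "\",{\"text\":\"hi\"}]}";
        // Constructed input naming a class that is not on the allow-list.
        String notAllowed = "{\"payload\":[\"java.util.HashMap\",{}]}";

        Envelope a = vulnerableMapper().readValue(chosen, Envelope.class);
        System.out.println("default typing on : " + a.payload.getClass().getName());
        // DefaultTypingDemo$Greeting: the JSON decided which class was built

        Envelope b = hardenedMapper().readValue(chosen, Envelope.class);
        System.out.println("default typing off: " + b.payload.getClass().getName());
        // java.util.ArrayList: the class name is just a string inside a list

        Envelope c = allowListedDefaultTypingMapper().readValue(chosen, Envelope.class);
        System.out.println("allow-listed      : " + c.payload.getClass().getName());
        // DefaultTypingDemo$Greeting: permitted because it is on the allow-list

        try {
            allowListedDefaultTypingMapper().readValue(notAllowed, Envelope.class);
            System.out.println("allow-listed      : unexpectedly accepted java.util.HashMap");
        } catch (JsonMappingException ex) {
            // InvalidTypeIdException: the validator denied the class name
            System.out.println("allow-listed      : rejected java.util.HashMap: "
                    + ex.getOriginalMessage());
        }
    }
}
```

Run it with jackson-databind 2.10+ and jackson-annotations/jackson-core on the classpath. The first two lines of output are the whole point: the same bytes produce an application object under default typing and a plain list without it. Where default typing cannot be turned off, prefer closed subtype registries (@JsonTypeInfo(use = NAME) with @JsonSubTypes) over class-name ids, and treat the allow-list as the last resort rather than the first.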

Referenced by CVEs: CVE-2017-15095, CVE-2017-17485, CVE-2018-5968, CVE-2018-7489, CVE-2019-10202

Basic Data

Published: February 06, 2018
Last Modified: September 27, 2019
Assigner: cve@mitre.org
Data Type: CVE
Data Format: MITRE
Data Version: 4.0
Problem Type: CWE-502 (Deserialization of Untrusted Data)
CVE Data Version: 4.0

Base Metric V2

CVSS 2 - Version: 2.0
CVSS 2 - Vector String: AV:N/AC:L/Au:N/C:P/I:P/A:P
CVSS 2 - Access Vector: NETWORK
CVSS 2 - Access Complexity: LOW
CVSS 2 - Authentication: NONE
CVSS 2 - Confidentiality Impact: PARTIAL
CVSS 2 - Integrity Impact: PARTIAL
CVSS 2 - Availability Impact: PARTIAL
CVSS 2 - Base Score: 7.5
Severity: HIGH
Exploitability Score: 10.0
Impact Score: 6.4
Obtain All Privilege: false
Obtain User Privilege: false
Obtain Other Privilege: false

Base Metric V3

CVSS 3 - Version: 3.0
CVSS 3 - Vector String: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CVSS 3 - Attack Vector: NETWORK
CVSS 3 - Attack Complexity: LOW
CVSS 3 - Privileges Required: NONE
CVSS 3 - User Interaction: NONE
CVSS 3 - Scope: UNCHANGED
CVSS 3 - Confidentiality Impact: HIGH
CVSS 3 - Integrity Impact: HIGH
CVSS 3 - Availability Impact: HIGH
CVSS 3 - Base Score: 9.8
CVSS 3 - Base Severity: CRITICAL
Exploitability Score: 3.9
Impact Score: 5.9

Configurations

  • OR - Configuration 1 (CPE 2.3)
    Part | Vendor | Product | Version Start Including | Version End Excluding
    Application | Fasterxml | Jackson-databind | 2.6.0 | 2.6.7.1
    Application | Fasterxml | Jackson-databind | 2.7.0 | 2.7.9.1
    Application | Fasterxml | Jackson-databind | 2.8.0 | 2.8.9
  • OR - Configuration 2 (CPE 2.3)
    Part | Vendor | Product | Version
    OS | Debian | Debian Linux | 8.0
    OS | Debian | Debian Linux | 9.0
  • OR - Configuration 3 (CPE 2.3)
    Part | Vendor | Product | Version Start | Version End
    Application | Fasterxml | Jackson | 1.0.0 | 1.9
  • OR - Configuration 4 (CPE 2.3)
    Part | Vendor | Product | Version
    Application | Redhat | Jboss Enterprise Application Platform | 6.0.0
    Application | Redhat | Jboss Enterprise Application Platform | 6.4.0
    Application | Redhat | Jboss Enterprise Application Platform | 7.0.0
    Application | Redhat | Jboss Enterprise Application Platform | 7.1.0
    Application | Redhat | Virtualization Host | 4.0
    OS | Redhat | Virtualization | 4.0

Vulnerable Software List

Vendor | Product | Versions
Fasterxml | Jackson-databind | *
Fasterxml | Jackson | *
Debian | Debian Linux | 8.0, 9.0
Redhat | Jboss Enterprise Application Platform | 6.0.0, 6.4.0, 7.0.0, 7.1.0
Redhat | Virtualization Host | 4.0
Redhat | Virtualization | 4.0

References

Reference (Name: URL) | Source | Tags
http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html | CONFIRM | Patch, Third Party Advisory
http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html | CONFIRM | Patch, Third Party Advisory
http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html | CONFIRM | Patch, Third Party Advisory
99623: http://www.securityfocus.com/bid/99623 | BID | Third Party Advisory, VDB Entry
1039744: http://www.securitytracker.com/id/1039744 | SECTRACK | Third Party Advisory, VDB Entry
1039947: http://www.securitytracker.com/id/1039947 | SECTRACK | Third Party Advisory, VDB Entry
1040360: http://www.securitytracker.com/id/1040360 | SECTRACK | Third Party Advisory, VDB Entry
RHSA-2017:1834: https://access.redhat.com/errata/RHSA-2017:1834 | REDHAT | Third Party Advisory
RHSA-2017:1835: https://access.redhat.com/errata/RHSA-2017:1835 | REDHAT | Third Party Advisory
RHSA-2017:1836: https://access.redhat.com/errata/RHSA-2017:1836 | REDHAT | Third Party Advisory
RHSA-2017:1837: https://access.redhat.com/errata/RHSA-2017:1837 | REDHAT | Third Party Advisory
RHSA-2017:1839: https://access.redhat.com/errata/RHSA-2017:1839 | REDHAT | Third Party Advisory
RHSA-2017:1840: https://access.redhat.com/errata/RHSA-2017:1840 | REDHAT | Third Party Advisory
RHSA-2017:2477: https://access.redhat.com/errata/RHSA-2017:2477 | REDHAT | Third Party Advisory
RHSA-2017:2546: https://access.redhat.com/errata/RHSA-2017:2546 | REDHAT | Third Party Advisory
RHSA-2017:2547: https://access.redhat.com/errata/RHSA-2017:2547 | REDHAT | Third Party Advisory
RHSA-2017:2633: https://access.redhat.com/errata/RHSA-2017:2633 | REDHAT | Third Party Advisory
RHSA-2017:2635: https://access.redhat.com/errata/RHSA-2017:2635 | REDHAT | Third Party Advisory
RHSA-2017:2636: https://access.redhat.com/errata/RHSA-2017:2636 | REDHAT | Third Party Advisory
RHSA-2017:2637: https://access.redhat.com/errata/RHSA-2017:2637 | REDHAT | Third Party Advisory
RHSA-2017:2638: https://access.redhat.com/errata/RHSA-2017:2638 | REDHAT | Third Party Advisory
RHSA-2017:3141: https://access.redhat.com/errata/RHSA-2017:3141 | REDHAT | Third Party Advisory
RHSA-2017:3454: https://access.redhat.com/errata/RHSA-2017:3454 | REDHAT | Third Party Advisory
RHSA-2017:3455: https://access.redhat.com/errata/RHSA-2017:3455 | REDHAT | Third Party Advisory
RHSA-2017:3456: https://access.redhat.com/errata/RHSA-2017:3456 | REDHAT | Third Party Advisory
RHSA-2017:3458: https://access.redhat.com/errata/RHSA-2017:3458 | REDHAT | Third Party Advisory
RHSA-2018:0294: https://access.redhat.com/errata/RHSA-2018:0294 | REDHAT | Third Party Advisory
RHSA-2018:0342: https://access.redhat.com/errata/RHSA-2018:0342 | REDHAT | Third Party Advisory
RHSA-2018:1449: https://access.redhat.com/errata/RHSA-2018:1449 | REDHAT | Third Party Advisory
RHSA-2018:1450: https://access.redhat.com/errata/RHSA-2018:1450 | REDHAT | Third Party Advisory
RHSA-2019:0910: https://access.redhat.com/errata/RHSA-2019:0910 | REDHAT | Third Party Advisory
RHSA-2019:2858: https://access.redhat.com/errata/RHSA-2019:2858 | REDHAT |
RHSA-2019:3149: https://access.redhat.com/errata/RHSA-2019:3149 | REDHAT |
https://bugzilla.redhat.com/show_bug.cgi?id=1462702 | CONFIRM | Issue Tracking, Third Party Advisory
https://cwiki.apache.org/confluence/display/WW/S2-055 | CONFIRM | Third Party Advisory
https://github.com/FasterXML/jackson-databind/issues/1599 | CONFIRM | Issue Tracking
https://github.com/FasterXML/jackson-databind/issues/1723 | CONFIRM | Issue Tracking, Third Party Advisory
[lucene-dev] 20190325 [jira] [Updated] (SOLR-13110) CVE-2017-7525 Threat Level 9 Against Solr v7.6. org.codehaus.jackson : jackson-mapper-asl : 1.9.13. .A deserialization flaw was discovered in the jackson-databind, versions before 2.6.7.1, 2.7.9.1 and 2.8.9, ...: https://lists.apache.org/thread.html/3c87dc8bca99a2b3b4743713b33d1de05b1d6b761fdf316224e9c81f@%3Cdev | MLIST | Mailing List, Third Party Advisory
[cassandra-commits] 20191113 [jira] [Created] (CASSANDRA-15416) CVE-2017-7525 ( jackson-databind is vulnerable to Remote Code Execution) on version 3.11.4: https://lists.apache.org/thread.html/4641ed8616ccc2c1fbddac2c3dc9900c96387bc226eaf0232d61909b@%3Ccom | MLIST |
[lucene-solr-user] 20191218 CVE-2017-7525 fix for Solr 7.7.x: https://lists.apache.org/thread.html/5008bcbd45ee65ce39e4220b6ac53d28a24d6bc67d5804e9773a7399@%3Csol | MLIST |
[lucene-solr-user] 20190104 Re: SOLR v7 Security Issues Caused Denial of Use - Sonatype Application Composition Report: https://lists.apache.org/thread.html/708d94141126eac03011144a971a6411fcac16d9c248d1d535a39451@%3Csol | MLIST |
[druid-commits] 20191115 [GitHub] [incubator-druid] ccaominh opened a new pull request #8878: Address security vulnerabilities: https://lists.apache.org/thread.html/9317fd092b257a0815434b116a8af8daea6e920b6673f4fd5583d5fe@%3Ccom | MLIST |
[lucene-dev] 20190325 [jira] [Updated] (SOLR-13110) CVE-2017-7525 Threat Level 9 Against Solr v7.6. org.codehaus.jackson : jackson-mapper-asl : 1.9.13. .A deserialization flaw was discovered in the jackson-databind, versions before 2.6.7.1, 2.7.9.1 and 2.8.9, ...: https://lists.apache.org/thread.html/b1f33fe5ade396bb903fdcabe9f243f7692c7dfce5418d3743c2d346@%3Cdev | MLIST | Mailing List, Third Party Advisory
[lucene-dev] 20190325 [jira] [Resolved] (SOLR-13110) CVE-2017-7525 Threat Level 9 Against Solr v7.6. org.codehaus.jackson : jackson-mapper-asl : 1.9.13. .A deserialization flaw was discovered in the jackson-databind, versions before 2.6.7.1, 2.7.9.1 and 2.8.9, ...: https://lists.apache.org/thread.html/c10a2bf0fdc3d25faf17bd191d6ec46b29a353fa9c97bebd7c4e5913@%3Cdev | MLIST | Mailing List, Third Party Advisory
[lucene-dev] 20190325 [jira] [Assigned] (SOLR-13110) CVE-2017-7525 Threat Level 9 Against Solr v7.6. org.codehaus.jackson : jackson-mapper-asl : 1.9.13. .A deserialization flaw was discovered in the jackson-databind, versions before 2.6.7.1, 2.7.9.1 and 2.8.9, ...: https://lists.apache.org/thread.html/c2ed4c0126b43e324cf740012a0edd371fd36096fd777be7bfe7a2a6@%3Cdev | MLIST | Mailing List, Third Party Advisory
[lucene-solr-user] 20191218 Re: CVE-2017-7525 fix for Solr 7.7.x: https://lists.apache.org/thread.html/c9d5ff20929e8a3c8794facf4c4b326a9c10618812eec356caa20b87@%3Csol | MLIST |
[lucene-solr-user] 20191219 Re: CVE-2017-7525 fix for Solr 7.7.x: https://lists.apache.org/thread.html/f095a791bda6c0595f691eddd0febb2d396987eec5cbd29120d8c629@%3Csol | MLIST |
[lucene-dev] 20190325 [jira] [Closed] (SOLR-13110) CVE-2017-7525 Threat Level 9 Against Solr v7.6. org.codehaus.jackson : jackson-mapper-asl : 1.9.13. .A deserialization flaw was discovered in the jackson-databind, versions before 2.6.7.1, 2.7.9.1 and 2.8.9, ...: https://lists.apache.org/thread.html/f60afd3c7e9ebaaf70fad4a4beb75cf8740ac959017a31e7006c7486@%3Cdev | MLIST | Mailing List, Third Party Advisory
[debian-lts-announce] 20200131 [SECURITY] [DLA 2091-1] libjackson-json-java security update: https://lists.debian.org/debian-lts-announce/2020/01/msg00037.html | MLIST |
https://security.netapp.com/advisory/ntap-20171214-0002/ | CONFIRM | Third Party Advisory
https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03902en_us | CONFIRM | Third Party Advisory
DSA-4004: https://www.debian.org/security/2017/dsa-4004 | DEBIAN | Third Party Advisory
https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html | MISC | Patch, Third Party Advisory
https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html | CONFIRM | Patch, Third Party Advisory
https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html | MISC | Patch, Third Party Advisory