CVE-2018-5968

Current Description

FasterXML jackson-databind through 2.8.11 and 2.9.x through 2.9.3 allows unauthenticated remote code execution because of an incomplete fix for the CVE-2017-7525 and CVE-2017-17485 deserialization flaws. This is exploitable via two different gadgets that bypass a blacklist.

Referenced by CVEs: CVE-2019-10202

Basic Data

Published: January 22, 2018
Last Modified: September 27, 2019
Assigner: cve@mitre.org
Data Type: CVE
Data Format: MITRE
Data Version: 4.0
Problem Type: CWE-184
CVE Data Version: 4.0

Base Metric V2

CVSS 2 - Version: 2.0
CVSS 2 - Vector String: AV:N/AC:H/Au:N/C:P/I:P/A:P
CVSS 2 - Access Vector: NETWORK
CVSS 2 - Access Complexity: HIGH
CVSS 2 - Authentication: NONE
CVSS 2 - Confidentiality Impact: PARTIAL
CVSS 2 - Availability Impact: PARTIAL
CVSS 2 - Base Score: 5.1
Severity: MEDIUM
Exploitability Score: 4.9
Impact Score: 6.4
Obtain All Privilege: false
Obtain User Privilege: false
Obtain Other Privilege: false

Base Metric V3

CVSS 3 - Version: 3.0
CVSS 3 - Vector String: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
CVSS 3 - Attack Vector: NETWORK
CVSS 3 - Attack Complexity: HIGH
CVSS 3 - Privileges Required: NONE
CVSS 3 - User Interaction: NONE
CVSS 3 - Scope: UNCHANGED
CVSS 3 - Confidentiality Impact: HIGH
CVSS 3 - Integrity Impact: HIGH
CVSS 3 - Availability Impact: HIGH
CVSS 3 - Base Score: 8.1
CVSS 3 - Base Severity: HIGH
Exploitability Score: 2.2
Base Severity: HIGH

Configurations

  • OR - Configuration 1
    CPE Version | Part | Vendor | Product | Version / Update / Edition / Language / SW Edition / Target SW / Target HW / Other | Version bounds (Start Including, End Including, Start Excluding, End Excluding)
    2.3 | Application | Fasterxml | Jackson-databind | * * * * * * * * | 2.7.9.5
    2.3 | Application | Fasterxml | Jackson-databind | * * * * * * * * | 2.8.0, 2.8.11
    2.3 | Application | Fasterxml | Jackson-databind | * * * * * * * * | 2.9.0, 2.9.3
  • OR - Configuration 2
    CPE Version | Part | Vendor | Product | Version | Update / Edition / Language / SW Edition / Target SW / Target HW / Other | Version bounds (Start Including, End Including, Start Excluding, End Excluding)
    2.3 | OS | Debian | Debian Linux | 8.0 | * * * * * * * | (none)
    2.3 | OS | Debian | Debian Linux | 9.0 | * * * * * * * | (none)
  • OR - Configuration 3
    CPE Version | Part | Vendor | Product | Version | Update / Edition / Language / SW Edition / Target SW / Target HW / Other | Version bounds (Start Including, End Including, Start Excluding, End Excluding)
    2.3 | Application | Redhat | Virtualization | 4.0 | * * * * * * * | (none)
    2.3 | Application | Redhat | Virtualization Host | 4.0 | * * * * * * * | (none)

Vulnerable Software List

Vendor | Product | Versions
Fasterxml | Jackson-databind | *
Debian | Debian Linux | 8.0, 9.0
Redhat | Virtualization Host | 4.0
Redhat | Virtualization | 4.0

References

Name | URL | Source | Tags
RHSA-2018:0478 | https://access.redhat.com/errata/RHSA-2018:0478 | REDHAT | Third Party Advisory
RHSA-2018:0479 | https://access.redhat.com/errata/RHSA-2018:0479 | REDHAT | Third Party Advisory
RHSA-2018:0480 | https://access.redhat.com/errata/RHSA-2018:0480 | REDHAT | Third Party Advisory
RHSA-2018:0481 | https://access.redhat.com/errata/RHSA-2018:0481 | REDHAT | Third Party Advisory
RHSA-2018:1525 | https://access.redhat.com/errata/RHSA-2018:1525 | REDHAT | Third Party Advisory
RHSA-2019:2858 | https://access.redhat.com/errata/RHSA-2019:2858 | REDHAT | (no tags)
RHSA-2019:3149 | https://access.redhat.com/errata/RHSA-2019:3149 | REDHAT | (no tags)
https://github.com/FasterXML/jackson-databind/issues/1899 | https://github.com/FasterXML/jackson-databind/issues/1899 | MISC | Third Party Advisory
https://security.netapp.com/advisory/ntap-20180423-0002/ | https://security.netapp.com/advisory/ntap-20180423-0002/ | CONFIRM | Third Party Advisory
https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03902en_us | https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03902en_us | CONFIRM | Third Party Advisory
DSA-4114 | https://www.debian.org/security/2018/dsa-4114 | DEBIAN | Third Party Advisory