FasterXML Jackson-databind CVE-2017-7525 Deserialization Remote Code Execution Vulnerability

Bugtraq ID: 99623
Class: Design Error
CVE: CVE-2017-7525
Remote: Yes
Local: No
Published: Jul 14 2017 12:00AM
Updated: Apr 18 2018 09:00AM
Credit: Liao Xinxi (NSFOCUS)
Vulnerable: Redhat Subscription Asset Manager 1.0.0
Redhat Software Collections for RHEL 0
Redhat Software Collections 1 for RHEL Workstation 7 0
Redhat Satellite 6
Redhat RHEV-M for Servers 0
Redhat RHEV-M 4.0
Redhat OpenShift Enterprise 2
Redhat Mobile Application Platform On-Premise 4
Redhat JBoss Operations Network (JBoss ON) 3.0
Redhat JBoss Fuse 6.0
Redhat JBoss Enterprise Application Platform -
Redhat JBoss EAP 7 0
Redhat JBoss EAP 6
Redhat JBoss Data Virtualization (JDV) 6.0
Redhat JBoss Data Grid 7.0.0
Redhat JBoss A-MQ 6.0
Oracle Weblogic Server 10.3.6 0
Oracle Weblogic Server 12.2.1.3
Oracle Weblogic Server 12.2.1.2
Oracle Weblogic Server 12.1.3.0
FasterXML jackson-databind 2.8.8
FasterXML jackson-databind 2.8.7
FasterXML jackson-databind 2.8.8.1
FasterXML jackson-databind 2.7.9.1
FasterXML jackson-databind 2.6.7.1
Apache Struts 2.5.14
Apache Struts 2.5.9
Apache Struts 2.5.8
Apache Struts 2.5.7
Apache Struts 2.5.6
Apache Struts 2.5.5
Apache Struts 2.5.4
Apache Struts 2.5.3
Apache Struts 2.5.2
Apache Struts 2.5.13
Apache Struts 2.5.12
Apache Struts 2.5.11
Apache Struts 2.5.10.1
Apache Struts 2.5.10
Apache Struts 2.5.1
Apache Struts 2.5
Not Vulnerable: FasterXML jackson-databind 2.9
FasterXML jackson-databind 2.8.9
Apache Struts 2.5.14.1

Copyright 2010, SecurityFocus