FasterXML Jackson-databind CVE-2017-7525 Deserialization Remote Code Execution Vulnerability

Bugtraq ID: 99623
Class: Design Error
CVE: CVE-2017-7525
Remote: Yes
Local: No
Published: Jul 14 2017 12:00AM
Updated: Dec 19 2017 10:01PM
Credit: Liao Xinxi (NSFOCUS)
Vulnerable: Redhat Subscription Asset Manager 1.0.0
Redhat Software Collections for RHEL 0
Redhat Software Collections 1 for RHEL Workstation 7 0
Redhat Satellite 6
Redhat RHEV-M for Servers 0
Redhat RHEV-M 4.0
Redhat OpenShift Enterprise 2
Redhat Mobile Application Platform On-Premise 4
Redhat JBoss Operations Network (JBoss ON) 3.0
Redhat JBoss Fuse 6.0
Redhat JBoss Enterprise Application Platform -
Redhat JBoss EAP 7 0
Redhat JBoss EAP 6
Redhat JBoss Data Virtualization (JDV) 6.0
Redhat JBoss Data Grid 7.0.0
Redhat JBoss A-MQ 6.0
FasterXML jackson-databind 2.8.9
FasterXML jackson-databind 2.8.8
FasterXML jackson-databind 2.8.7
FasterXML jackson-databind 2.8.8.1
FasterXML jackson-databind 2.7.9.1
FasterXML jackson-databind 2.6.7.1
Apache Struts 2.5.14
Apache Struts 2.5.9
Apache Struts 2.5.8
Apache Struts 2.5.7
Apache Struts 2.5.6
Apache Struts 2.5.5
Apache Struts 2.5.4
Apache Struts 2.5.3
Apache Struts 2.5.2
Apache Struts 2.5.13
Apache Struts 2.5.12
Apache Struts 2.5.11
Apache Struts 2.5.10.1
Apache Struts 2.5.10
Apache Struts 2.5.1
Apache Struts 2.5
Not Vulnerable: Apache Struts 2.5.14.1


 

Copyright 2010, SecurityFocus