ID CVE-2018-7489
Summary FasterXML jackson-databind before 2.7.9.3, 2.8.x before 2.8.11.1 and 2.9.x before 2.9.5 allows unauthenticated remote code execution because of an incomplete fix for the CVE-2017-7525 deserialization flaw. It is exploitable by sending maliciously crafted JSON input to the readValue method of the ObjectMapper in an application that has enabled polymorphic default typing (the "default typing issue" named in the Payara entry below), bypassing a class-name blacklist that is ineffective if the c3p0 libraries are available in the classpath. The practical consequence is that the denylist is only as good as its last entry: an application that lets untrusted JSON select the target class stays exposed to any gadget the list does not yet name, so the durable fix is to disable default typing or restrict it to an explicit allowlist of types, in addition to upgrading.
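The two ObjectMapper configurations behind this advisory, as an added example that is not code from the CVE record, from FasterXML or from any vendor listed on this page: the global default-typing setup that lets incoming JSON choose the class to instantiate (the precondition for the readValue attack described above), beside a hardened setup that only resolves type ids inside an allowlisted package. Assumptions: the com.example package and the DefaultTypingExample, Event and LoginEvent names are hypothetical; BasicPolymorphicTypeValidator and JsonMapper.builder() exist only in jackson-databind 2.10 and later, so on the affected 2.7, 2.8 and 2.9 lines the remedy is to upgrade and to stop calling enableDefaultTyping. The java.util.HashMap type id in the constructed input only shows that the input, not the code, picked the class; it stands in for a gadget such as the c3p0 types and is not an exploit payload.

```java
package com.example;

import com.fasterxml.jackson.databind.JsonMappingException;
import com.fasterxml.jackson.databind.ObjectMapper;
import com.fasterxml.jackson.databind.json.JsonMapper;
import com.fasterxml.jackson.databind.jsontype.BasicPolymorphicTypeValidator;
import com.fasterxml.jackson.databind.jsontype.PolymorphicTypeValidator;

public final class DefaultTypingExample {

    /** Hypothetical domain types standing in for an application's own model. */
    public interface Event { String describe(); }

    public static final class LoginEvent implements Event {
        public String user;
        @Override public String describe() { return "login by " + user; }
    }

    /**
     * The configuration that makes CVE-2018-7489 reachable. With global default
     * typing the JSON itself names the class to instantiate, in the form
     * ["fully.qualified.Name", {...}], and on the affected versions the only
     * guard is a class-name denylist; the CVE is a gadget type missing from it.
     */
    @SuppressWarnings("deprecation")
    static ObjectMapper vulnerableMapper() {
        ObjectMapper mapper = new ObjectMapper();
        mapper.enableDefaultTyping(ObjectMapper.DefaultTyping.NON_FINAL); // unsafe
        return mapper;
    }

    /**
     * Hardened configuration (jackson-databind 2.10+): default typing is only
     * activated behind a PolymorphicTypeValidator that allowlists the package
     * an attacker-supplied type id may resolve to. Any other class name is
     * rejected before its constructor runs.
     */
    static ObjectMapper hardenedMapper() {
        PolymorphicTypeValidator ptv = BasicPolymorphicTypeValidator.builder()
                .allowIfSubType("com.example.")   // hypothetical model package
                .build();
        return JsonMapper.builder()
                .activateDefaultTyping(ptv, ObjectMapper.DefaultTyping.NON_FINAL)
                .build();
    }

    /** Best option when polymorphism is not needed: bind to a concrete type. */
    static LoginEvent bindConcretely(String json) throws Exception {
        return new ObjectMapper().readValue(json, LoginEvent.class);
    }

    public static void main(String[] args) throws Exception {
        // Constructed inputs. The first type id is harmless; a real attack
        // substitutes a gadget class that happens to be on the classpath.
        String attackerChoosesClass = "[\"java.util.HashMap\", {\"k\": \"v\"}]";
        String legitimate =
                "[\"com.example.DefaultTypingExample$LoginEvent\", {\"user\": \"alice\"}]";

        // Vulnerable: the input picked the class and Jackson instantiated it.
        Object o = vulnerableMapper().readValue(attackerChoosesClass, Object.class);
        System.out.println("vulnerable mapper built: " + o.getClass().getName());

        // Hardened: the same input is refused by the validator.
        try {
            hardenedMapper().readValue(attackerChoosesClass, Object.class);
            System.out.println("UNEXPECTED: type id was accepted");
        } catch (JsonMappingException e) {
            System.out.println("hardened mapper rejected type id: " + e.getOriginalMessage());
        }

        // Hardened: an allowlisted type still deserializes normally.
        Event ev = hardenedMapper().readValue(legitimate, Event.class);
        System.out.println("hardened mapper accepted: " + ev.describe());

        // No default typing at all: the JSON cannot influence the class.
        System.out.println("concrete binding: " + bindConcretely("{\"user\": \"bob\"}").describe());
    }
}
```

Compile and run with jackson-databind 2.10 or later on the classpath. When triaging an existing codebase against this CVE, check two things together: the jackson-databind version in the dependency tree against the ranges in the summary, and whether any code path calls enableDefaultTyping or annotates a base type with @JsonTypeInfo(use = JsonTypeInfo.Id.CLASS); without one of those, untrusted JSON cannot select the target class and the c3p0 gadget is unreachable through readValue.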
References
Vulnerable Configurations
  • FasterXML Jackson-databind 2.0.0
    cpe:2.3:a:fasterxml:jackson-databind:2.0.0
  • FasterXML Jackson-databind 2.0.0 Release Candidate 1
    cpe:2.3:a:fasterxml:jackson-databind:2.0.0:rc1
  • FasterXML Jackson-databind 2.0.0 Release Candidate 2
    cpe:2.3:a:fasterxml:jackson-databind:2.0.0:rc2
  • FasterXML Jackson-databind 2.0.0 Release Candidate 3
    cpe:2.3:a:fasterxml:jackson-databind:2.0.0:rc3
  • FasterXML Jackson-databind 2.0.1
    cpe:2.3:a:fasterxml:jackson-databind:2.0.1
  • FasterXML Jackson-databind 2.0.2
    cpe:2.3:a:fasterxml:jackson-databind:2.0.2
  • FasterXML Jackson-databind 2.0.4
    cpe:2.3:a:fasterxml:jackson-databind:2.0.4
  • FasterXML Jackson-databind 2.0.5
    cpe:2.3:a:fasterxml:jackson-databind:2.0.5
  • FasterXML Jackson-databind 2.0.6
    cpe:2.3:a:fasterxml:jackson-databind:2.0.6
  • FasterXML Jackson-databind 2.1.0
    cpe:2.3:a:fasterxml:jackson-databind:2.1.0
  • FasterXML Jackson-databind 2.1.1
    cpe:2.3:a:fasterxml:jackson-databind:2.1.1
  • FasterXML Jackson-databind 2.1.2
    cpe:2.3:a:fasterxml:jackson-databind:2.1.2
  • FasterXML Jackson-databind 2.1.3
    cpe:2.3:a:fasterxml:jackson-databind:2.1.3
  • FasterXML Jackson-databind 2.1.4
    cpe:2.3:a:fasterxml:jackson-databind:2.1.4
  • FasterXML Jackson-databind 2.1.5
    cpe:2.3:a:fasterxml:jackson-databind:2.1.5
  • FasterXML Jackson-databind 2.2.0
    cpe:2.3:a:fasterxml:jackson-databind:2.2.0
  • FasterXML Jackson-databind 2.2.0 Release Candidate 1
    cpe:2.3:a:fasterxml:jackson-databind:2.2.0:rc1
  • FasterXML Jackson-databind 2.2.1
    cpe:2.3:a:fasterxml:jackson-databind:2.2.1
  • FasterXML Jackson-databind 2.2.2
    cpe:2.3:a:fasterxml:jackson-databind:2.2.2
  • FasterXML Jackson-databind 2.2.3
    cpe:2.3:a:fasterxml:jackson-databind:2.2.3
  • FasterXML Jackson-databind 2.2.4
    cpe:2.3:a:fasterxml:jackson-databind:2.2.4
  • FasterXML Jackson-databind 2.3.0
    cpe:2.3:a:fasterxml:jackson-databind:2.3.0
  • FasterXML Jackson-databind 2.3.0 Release Candidate 1
    cpe:2.3:a:fasterxml:jackson-databind:2.3.0:rc1
  • FasterXML Jackson-databind 2.3.1
    cpe:2.3:a:fasterxml:jackson-databind:2.3.1
  • FasterXML Jackson-databind 2.3.2
    cpe:2.3:a:fasterxml:jackson-databind:2.3.2
  • FasterXML Jackson-databind 2.3.3
    cpe:2.3:a:fasterxml:jackson-databind:2.3.3
  • FasterXML Jackson-databind 2.3.4
    cpe:2.3:a:fasterxml:jackson-databind:2.3.4
  • FasterXML Jackson-databind 2.3.5
    cpe:2.3:a:fasterxml:jackson-databind:2.3.5
  • FasterXML Jackson-databind 2.4.0
    cpe:2.3:a:fasterxml:jackson-databind:2.4.0
  • FasterXML Jackson-databind 2.4.0 Release Candidate 1
    cpe:2.3:a:fasterxml:jackson-databind:2.4.0:rc1
  • FasterXML Jackson-databind 2.4.0 Release Candidate 2
    cpe:2.3:a:fasterxml:jackson-databind:2.4.0:rc2
  • FasterXML Jackson-databind 2.4.0 Release Candidate 3
    cpe:2.3:a:fasterxml:jackson-databind:2.4.0:rc3
  • FasterXML Jackson-databind 2.4.1
    cpe:2.3:a:fasterxml:jackson-databind:2.4.1
  • FasterXML Jackson-databind 2.4.1.1
    cpe:2.3:a:fasterxml:jackson-databind:2.4.1.1
  • FasterXML Jackson-databind 2.4.1.2
    cpe:2.3:a:fasterxml:jackson-databind:2.4.1.2
  • FasterXML Jackson-databind 2.4.1.3
    cpe:2.3:a:fasterxml:jackson-databind:2.4.1.3
  • FasterXML Jackson-databind 2.4.2
    cpe:2.3:a:fasterxml:jackson-databind:2.4.2
  • FasterXML Jackson-databind 2.4.3
    cpe:2.3:a:fasterxml:jackson-databind:2.4.3
  • FasterXML Jackson-databind 2.4.4
    cpe:2.3:a:fasterxml:jackson-databind:2.4.4
  • FasterXML Jackson-databind 2.4.5
    cpe:2.3:a:fasterxml:jackson-databind:2.4.5
  • FasterXML Jackson-databind 2.4.5.1
    cpe:2.3:a:fasterxml:jackson-databind:2.4.5.1
  • FasterXML Jackson-databind 2.4.6
    cpe:2.3:a:fasterxml:jackson-databind:2.4.6
  • FasterXML Jackson-databind 2.4.6.1
    cpe:2.3:a:fasterxml:jackson-databind:2.4.6.1
  • FasterXML Jackson-databind 2.5.0
    cpe:2.3:a:fasterxml:jackson-databind:2.5.0
  • FasterXML Jackson-databind 2.5.0 Release Candidate 1
    cpe:2.3:a:fasterxml:jackson-databind:2.5.0:rc1
  • FasterXML Jackson-databind 2.5.1
    cpe:2.3:a:fasterxml:jackson-databind:2.5.1
  • FasterXML Jackson-databind 2.5.2
    cpe:2.3:a:fasterxml:jackson-databind:2.5.2
  • FasterXML Jackson-databind 2.5.3
    cpe:2.3:a:fasterxml:jackson-databind:2.5.3
  • FasterXML Jackson-databind 2.5.4
    cpe:2.3:a:fasterxml:jackson-databind:2.5.4
  • FasterXML Jackson-databind 2.5.5
    cpe:2.3:a:fasterxml:jackson-databind:2.5.5
  • FasterXML Jackson-databind 2.6.0
    cpe:2.3:a:fasterxml:jackson-databind:2.6.0
  • FasterXML Jackson-databind 2.6.0 Release Candidate 1
    cpe:2.3:a:fasterxml:jackson-databind:2.6.0:rc1
  • FasterXML Jackson-databind 2.6.0 Release Candidate 2
    cpe:2.3:a:fasterxml:jackson-databind:2.6.0:rc2
  • FasterXML Jackson-databind 2.6.0 Release Candidate 3
    cpe:2.3:a:fasterxml:jackson-databind:2.6.0:rc3
  • FasterXML Jackson-databind 2.6.0 Release Candidate 4
    cpe:2.3:a:fasterxml:jackson-databind:2.6.0:rc4
  • FasterXML Jackson-databind 2.6.1
    cpe:2.3:a:fasterxml:jackson-databind:2.6.1
  • FasterXML Jackson-databind 2.6.2
    cpe:2.3:a:fasterxml:jackson-databind:2.6.2
  • FasterXML Jackson-databind 2.6.3
    cpe:2.3:a:fasterxml:jackson-databind:2.6.3
  • FasterXML Jackson-databind 2.6.4
    cpe:2.3:a:fasterxml:jackson-databind:2.6.4
  • FasterXML Jackson-databind 2.6.5
    cpe:2.3:a:fasterxml:jackson-databind:2.6.5
  • FasterXML Jackson-databind 2.6.6
    cpe:2.3:a:fasterxml:jackson-databind:2.6.6
  • FasterXML Jackson-databind 2.6.7
    cpe:2.3:a:fasterxml:jackson-databind:2.6.7
  • FasterXML Jackson-databind 2.6.7.1
    cpe:2.3:a:fasterxml:jackson-databind:2.6.7.1
  • FasterXML Jackson-databind 2.6.7.2
    cpe:2.3:a:fasterxml:jackson-databind:2.6.7.2
  • FasterXML Jackson-databind 2.7.0
    cpe:2.3:a:fasterxml:jackson-databind:2.7.0
  • FasterXML Jackson-databind 2.7.0 Release Candidate 1
    cpe:2.3:a:fasterxml:jackson-databind:2.7.0:rc1
  • FasterXML Jackson-databind 2.7.0 Release Candidate 2
    cpe:2.3:a:fasterxml:jackson-databind:2.7.0:rc2
  • FasterXML Jackson-databind 2.7.0 Release Candidate 3
    cpe:2.3:a:fasterxml:jackson-databind:2.7.0:rc3
  • FasterXML Jackson-databind 2.7.1
    cpe:2.3:a:fasterxml:jackson-databind:2.7.1
  • FasterXML Jackson-databind 2.7.1-1
    cpe:2.3:a:fasterxml:jackson-databind:2.7.1-1
  • FasterXML Jackson-databind 2.7.2
    cpe:2.3:a:fasterxml:jackson-databind:2.7.2
  • FasterXML Jackson-databind 2.7.3
    cpe:2.3:a:fasterxml:jackson-databind:2.7.3
  • FasterXML Jackson-databind 2.7.4
    cpe:2.3:a:fasterxml:jackson-databind:2.7.4
  • FasterXML Jackson-databind 2.7.5
    cpe:2.3:a:fasterxml:jackson-databind:2.7.5
  • FasterXML Jackson-databind 2.7.6
    cpe:2.3:a:fasterxml:jackson-databind:2.7.6
  • FasterXML Jackson-databind 2.7.7
    cpe:2.3:a:fasterxml:jackson-databind:2.7.7
  • FasterXML Jackson-databind 2.7.8
    cpe:2.3:a:fasterxml:jackson-databind:2.7.8
  • FasterXML Jackson-databind 2.7.9
    cpe:2.3:a:fasterxml:jackson-databind:2.7.9
  • FasterXML Jackson-databind 2.7.9.1
    cpe:2.3:a:fasterxml:jackson-databind:2.7.9.1
  • FasterXML Jackson-databind 2.7.9.2
    cpe:2.3:a:fasterxml:jackson-databind:2.7.9.2
  • FasterXML Jackson-databind 2.8.0
    cpe:2.3:a:fasterxml:jackson-databind:2.8.0
  • FasterXML Jackson-databind 2.8.1
    cpe:2.3:a:fasterxml:jackson-databind:2.8.1
  • FasterXML Jackson-databind 2.8.2
    cpe:2.3:a:fasterxml:jackson-databind:2.8.2
  • FasterXML Jackson-databind 2.8.3
    cpe:2.3:a:fasterxml:jackson-databind:2.8.3
  • FasterXML Jackson-databind 2.8.4
    cpe:2.3:a:fasterxml:jackson-databind:2.8.4
  • FasterXML Jackson-databind 2.8.5
    cpe:2.3:a:fasterxml:jackson-databind:2.8.5
  • FasterXML Jackson-databind 2.8.6
    cpe:2.3:a:fasterxml:jackson-databind:2.8.6
  • FasterXML Jackson-databind 2.8.7
    cpe:2.3:a:fasterxml:jackson-databind:2.8.7
  • FasterXML Jackson-databind 2.8.8
    cpe:2.3:a:fasterxml:jackson-databind:2.8.8
  • FasterXML Jackson-databind 2.8.8.1
    cpe:2.3:a:fasterxml:jackson-databind:2.8.8.1
  • FasterXML Jackson-databind 2.8.9
    cpe:2.3:a:fasterxml:jackson-databind:2.8.9
  • FasterXML Jackson-databind 2.8.10
    cpe:2.3:a:fasterxml:jackson-databind:2.8.10
  • FasterXML Jackson-databind 2.8.11
    cpe:2.3:a:fasterxml:jackson-databind:2.8.11
  • Debian Linux 8.0 (Jessie)
    cpe:2.3:o:debian:debian_linux:8.0
  • Debian Linux 9.0
    cpe:2.3:o:debian:debian_linux:9.0
  • Oracle Communications Billing and Revenue Management 7.5
    cpe:2.3:a:oracle:communications_billing_and_revenue_management:7.5
  • Oracle Communications Billing and Revenue Management 12.0
    cpe:2.3:a:oracle:communications_billing_and_revenue_management:12.0
  • Oracle Communications Instant Messaging Server 10.0.1
    cpe:2.3:a:oracle:communications_instant_messaging_server:10.0.1
CVSS
Base: 7.5
Impact:
Exploitability:
CWE CWE-184 (Incomplete List of Disallowed Inputs)
CAPEC
  • Command Delimiters
    An attack of this type exploits a program's vulnerabilities that allow an attacker's commands to be concatenated onto a legitimate command with the intent of targeting other resources such as the file system or database. A system that uses filter or blacklist input validation, as opposed to whitelist validation, is vulnerable to an attacker who predicts delimiters (or combinations of delimiters) not present in the filter or blacklist. As with other injection attacks, the attacker uses the command delimiter payload as an entry point to tunnel through the application and activate additional attacks through SQL queries, shell commands, network scanning, and so on.
  • Flash Parameter Injection
    An attacker injects values to global parameters into a Flash movie embedded in an HTML document. These injected parameters are controlled through arguments in the URL used to access the embedding HTML document. As such, this is a form of HTTP parameter injection, but the abilities granted to the Flash document (such as access to a page's document model, including associated cookies) make this attack more flexible. The injected parameters can allow the attacker to control other objects within the Flash movie as well as full control over the parent document's DOM model.
  • Embedding Scripts in Non-Script Elements
    This attack is a form of Cross-Site Scripting (XSS) where malicious scripts are embedded in elements that are not expected to host scripts such as image tags (<img>), comments in XML documents (< !-CDATA->), etc. These tags may not be subject to the same input validation, output validation, and other content filtering and checking routines, so this can create an opportunity for an attacker to tunnel through the application's elements and launch an XSS attack through other elements. As with all remote attacks, it is important to differentiate the ability to launch an attack (such as probing an internal network for unpatched servers) and the ability of the remote attacker to collect and interpret the output of said attack.
  • Flash Injection
    An attacker tricks a victim into executing malicious Flash content that executes commands or makes Flash calls specified by the attacker. One example of this attack is cross-site flashing, in which an attacker-controlled parameter to a reference call loads content specified by the attacker.
  • Using Leading 'Ghost' Character Sequences to Bypass Input Filters
    An attacker intentionally introduces leading characters that enable getting the input past the filters. The API that is being targeted ignores the leading "ghost" characters, and therefore processes the attacker's input. This occurs when the targeted API will accept input data in several syntactic forms and interpret it in the equivalent semantic way, while the filter does not take into account the full spectrum of the syntactic forms acceptable to the targeted API. Some APIs will strip certain leading characters from a string of parameters. Perhaps these characters are considered redundant, and for this reason they are removed. Another possibility is that the parser logic at the beginning of analysis is specialized in some way that causes some characters to be removed. The attacker can specify multiple types of alternative encodings at the beginning of a string as a set of probes. One commonly used possibility involves adding ghost characters, extra characters that do not affect the validity of the request at the API layer. If the attacker has access to the API libraries being targeted, certain attack ideas can be tested directly in advance. Once alternative ghost encodings emerge through testing, the attacker can move from lab-based API testing to testing real-world service implementations.
  • Exploiting Multiple Input Interpretation Layers
    An attacker supplies the target software with input data that contains sequences of special characters designed to bypass input validation logic. This exploit relies on the target making multiple passes over the input data and processing a "layer" of special characters with each pass. In this manner, the attacker can disguise input that would otherwise be rejected as invalid by concealing it with layers of special/escape characters that are stripped off by subsequent processing steps. The goal is to first discover cases where the input validation layer executes before one or more parsing layers. That is, user input may go through the following logic in an application: In such cases, the attacker will need to provide input that will pass through the input validator, but after passing through parser2, will be converted into something that the input validator was supposed to stop.
  • Argument Injection
    An attacker changes the behavior or state of a targeted application by injecting data or command syntax through the target's use of non-validated and non-filtered arguments of exposed services or methods.
  • Simple Script Injection
    An attacker embeds malicious scripts in content that will be served to web browsers. The goal of the attack is for the target software, the client-side browser, to execute the script with the user's privilege level. An attack of this type exploits a program's vulnerabilities that are brought on by allowing remote hosts to execute code and scripts. Web browsers, for example, have some simple security controls in place, but if a remote attacker is allowed to execute scripts (through injecting them into user-generated content like bulletin boards) then these controls may be bypassed. Further, these attacks are very difficult for an end user to detect.
  • Using Unicode Encoding to Bypass Validation Logic
    An attacker may provide a Unicode string to a system component that is not Unicode aware and use that to circumvent the filter or cause the classifying mechanism to fail to properly understand the request. That may allow the attacker to slip malicious data past the content filter and/or possibly cause the application to route the request incorrectly.
  • User-Controlled Filename
    An attack of this type involves an attacker inserting malicious characters (such as an XSS redirection) into a filename, directly or indirectly, that is then used by the target software to generate HTML text or other potentially executable content. Many websites rely on user-generated content and dynamically build resources like files, filenames, and URL links directly from user-supplied data. In this attack pattern, the attacker uploads code that can execute in the client browser and/or redirect the client browser to a site that the attacker owns. All XSS attack payload variants can be used to pass and exploit these vulnerabilities.
  • AJAX Fingerprinting
    This attack utilizes the frequent client-server roundtrips in an Ajax conversation to scan a system. While Ajax does not open up new vulnerabilities per se, it does optimize them from an attacker's point of view. In many XSS attacks the attacker must get a "hole in one" and successfully exploit the vulnerability on the victim side the first time; once the client is redirected the attacker has many chances to engage in follow-on probes, but there is only one first chance. In a widely used web application this is not a major problem, because a 1 in 1,000 success rate is good enough. A common first step for an attacker is to footprint the environment to understand what attacks will work. Since footprinting relies on enumeration, the conversational pattern of rapid, multiple requests and responses that is typical in Ajax applications enables an attacker to look for many vulnerabilities, well-known ports, network locations and so on.
  • Embedding Script (XSS) in HTTP Headers
    An attack of this type exploits web applications that generate web content, such as links in an HTML page, based on unvalidated or improperly validated data submitted by other actors. XSS in HTTP Headers attacks target the HTTP headers, which are hidden from most users and may not be validated by web applications.
nessus via4
  • NASL family Red Hat Local Security Checks
    NASL id REDHAT-RHSA-2018-2090.NASL
    description An update is now available for Red Hat JBoss Enterprise Application Platform 7.1 for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. Red Hat JBoss Enterprise Application Platform is a platform for Java applications based on the JBoss Application Server. This release of Red Hat JBoss Enterprise Application Platform 7.1.3 serves as a replacement for Red Hat JBoss Enterprise Application Platform 7.1.2, and includes bug fixes and enhancements, which are documented in the Release Notes document linked to in the References. Security Fix(es) : * jackson-databind: incomplete fix for CVE-2017-7525 permits unsafe serialization via c3p0 libraries (CVE-2018-7489) For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 110798
    published 2018-06-29
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=110798
    title RHEL 6 : JBoss EAP (RHSA-2018:2090)
  • NASL family Debian Local Security Checks
    NASL id DEBIAN_DSA-4190.NASL
    description It was discovered that jackson-databind, a Java library used to parse JSON and other data formats, improperly validated user input prior to deserializing because of an incomplete fix for CVE-2017-7525.
    last seen 2019-02-21
    modified 2018-11-13
    plugin id 109557
    published 2018-05-04
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=109557
    title Debian DSA-4190-1 : jackson-databind - security update
  • NASL family Red Hat Local Security Checks
    NASL id REDHAT-RHSA-2018-2089.NASL
    description An update is now available for Red Hat JBoss Enterprise Application Platform 7.1 for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. Red Hat JBoss Enterprise Application Platform is a platform for Java applications based on the JBoss Application Server. This release of Red Hat JBoss Enterprise Application Platform 7.1.3 serves as a replacement for Red Hat JBoss Enterprise Application Platform 7.1.2, and includes bug fixes and enhancements, which are documented in the Release Notes document linked to in the References. Security Fix(es) : * jackson-databind: incomplete fix for CVE-2017-7525 permits unsafe serialization via c3p0 libraries (CVE-2018-7489) For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 110797
    published 2018-06-29
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=110797
    title RHEL 7 : JBoss EAP (RHSA-2018:2089)
  • NASL family Red Hat Local Security Checks
    NASL id REDHAT-RHSA-2018-1449.NASL
    description An update is now available for Red Hat JBoss Enterprise Application Platform 6.4 for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. Red Hat JBoss Enterprise Application Platform is a platform for Java applications based on the JBoss Application Server. This release of Red Hat JBoss Enterprise Application Platform 6.4.20 serves as a replacement for Red Hat JBoss Enterprise Application Platform 6.4.19, and includes bug fixes and enhancements, which are documented in the Release Notes document linked to in the References. Security Fix(es) : * jackson-databind: Unsafe deserialization due to incomplete black list (incomplete fix for CVE-2017-7525) (CVE-2017-15095) * jackson-databind: Unsafe deserialization due to incomplete black list (incomplete fix for CVE-2017-15095) (CVE-2017-17485) * slf4j: Deserialisation vulnerability in EventData constructor can allow for arbitrary code execution (CVE-2018-8088) * Apache ActiveMQ Artemis: Deserialization of untrusted input vulnerability (CVE-2016-4978) * solr: Directory traversal via Index Replication HTTP API (CVE-2017-3163) * tomcat: Incorrect handling of empty string URL in security constraints can lead to unintended exposure of resources (CVE-2018-1304) * jackson-databind: incomplete fix for CVE-2017-7525 permits unsafe serialization via c3p0 libraries (CVE-2018-7489) For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section. Red Hat would like to thank Liao Xinxi (NSFOCUS) for reporting CVE-2017-15095; 0c0c0f from 360Guan Xing Shi Yan Shi for reporting CVE-2017-17485; and Chris McCown for reporting CVE-2018-8088.
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 109906
    published 2018-05-18
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=109906
    title RHEL 6 : JBoss EAP (RHSA-2018:1449)
  • NASL family Red Hat Local Security Checks
    NASL id REDHAT-RHSA-2018-1451.NASL
    description An update for jboss-ec2-eap is now available for Red Hat JBoss Enterprise Application Platform 6.4 for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. The jboss-ec2-eap packages provide scripts for Red Hat JBoss Enterprise Application Platform running on the Amazon Web Services (AWS) Elastic Compute Cloud (EC2). With this update, the jboss-ec2-eap package has been updated to ensure compatibility with Red Hat JBoss Enterprise Application Platform 6.4.19. Security Fix(es) : * jackson-databind: Unsafe deserialization due to incomplete black list (incomplete fix for CVE-2017-7525) (CVE-2017-15095) * jackson-databind: Unsafe deserialization due to incomplete black list (incomplete fix for CVE-2017-15095) (CVE-2017-17485) * slf4j: Deserialisation vulnerability in EventData constructor can allow for arbitrary code execution (CVE-2018-8088) * Apache ActiveMQ Artemis: Deserialization of untrusted input vulnerability (CVE-2016-4978) * solr: Directory traversal via Index Replication HTTP API (CVE-2017-3163) * tomcat: Incorrect handling of empty string URL in security constraints can lead to unintended exposure of resources (CVE-2018-1304) * jackson-databind: incomplete fix for CVE-2017-7525 permits unsafe serialization via c3p0 libraries (CVE-2018-7489) For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section. Red Hat would like to thank Liao Xinxi (NSFOCUS) for reporting CVE-2017-15095; 0c0c0f from 360Guan Xing Shi Yan Shi for reporting CVE-2017-17485; and Chris McCown for reporting CVE-2018-8088.
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 109838
    published 2018-05-16
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=109838
    title RHEL 6 : eap6-jboss-ec2-eap (RHSA-2018:1451)
  • NASL family Databases
    NASL id ORACLE_RDBMS_CPU_OCT_2018.NASL
    description The remote Oracle Database Server is missing the October 2018 Critical Patch Update (CPU). It is, therefore, affected by multiple vulnerabilities, including remote code execution, as noted in the October 2018 Critical Patch Update advisory. Please consult the CVRF details for the applicable CVEs for additional information. Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.
    last seen 2019-02-21
    modified 2019-01-18
    plugin id 118230
    published 2018-10-19
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=118230
    title Oracle Database Server Multiple Vulnerabilities (October 2018 CPU)
  • NASL family Red Hat Local Security Checks
    NASL id REDHAT-RHSA-2018-1448.NASL
    description An update is now available for Red Hat JBoss Enterprise Application Platform 6.4 for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. Red Hat JBoss Enterprise Application Platform is a platform for Java applications based on the JBoss Application Server. This release of Red Hat JBoss Enterprise Application Platform 6.4.20 serves as a replacement for Red Hat JBoss Enterprise Application Platform 6.4.19, and includes bug fixes and enhancements, which are documented in the Release Notes document linked to in the References. Security Fix(es) : * jackson-databind: Unsafe deserialization due to incomplete black list (incomplete fix for CVE-2017-7525) (CVE-2017-15095) * jackson-databind: Unsafe deserialization due to incomplete black list (incomplete fix for CVE-2017-15095) (CVE-2017-17485) * slf4j: Deserialisation vulnerability in EventData constructor can allow for arbitrary code execution (CVE-2018-8088) * Apache ActiveMQ Artemis: Deserialization of untrusted input vulnerability (CVE-2016-4978) * solr: Directory traversal via Index Replication HTTP API (CVE-2017-3163) * tomcat: Incorrect handling of empty string URL in security constraints can lead to unintended exposure of resources (CVE-2018-1304) * jackson-databind: incomplete fix for CVE-2017-7525 permits unsafe serialization via c3p0 libraries (CVE-2018-7489) For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section. Red Hat would like to thank Liao Xinxi (NSFOCUS) for reporting CVE-2017-15095; 0c0c0f from 360Guan Xing Shi Yan Shi for reporting CVE-2017-17485; and Chris McCown for reporting CVE-2018-8088.
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 109905
    published 2018-05-18
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=109905
    title RHEL 7 : JBoss EAP (RHSA-2018:1448)
  • NASL family CGI abuses
    NASL id ACTIVEMQ_5_15_5.NASL
    description The version of Apache ActiveMQ running on the remote host is 5.x prior to 5.15.5. It is, therefore, affected by multiple vulnerabilities.
    last seen 2019-02-21
    modified 2018-11-28
    plugin id 112192
    published 2018-08-30
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=112192
    title Apache ActiveMQ 5.x < 5.15.5 Multiple Vulnerabilities
  • NASL family Fedora Local Security Checks
    NASL id FEDORA_2018-633ACF0ED6.NASL
    description Security fix for CVE-2018-7489 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2019-01-03
    plugin id 120474
    published 2019-01-03
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=120474
    title Fedora 28 : jackson-databind (2018-633acf0ed6)
  • NASL family CGI abuses
    NASL id ORACLE_PRIMAVERA_GATEWAY_CPU_OCT_2018.NASL
    description According to its self-reported version number, the Oracle Primavera Gateway installation running on the remote web server is 15.x prior to 15.2.15, 16.x prior to 16.2.8, or 17.x prior to 17.12.3. It is, therefore, affected by multiple vulnerabilities. Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.
    last seen 2019-02-21
    modified 2019-01-18
    plugin id 118714
    published 2018-11-02
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=118714
    title Oracle Primavera Gateway Multiple Vulnerabilities (Oct 2018 CPU)
  • NASL family FreeBSD Local Security Checks
    NASL id FREEBSD_PKG_93F8E0FFF33D11E8BE460019DBB15B3F.NASL
    description FasterXML jackson-databind before 2.8.11.1 and 2.9.x before 2.9.5 allows unauthenticated remote code execution because of an incomplete fix for the CVE-2017-7525 deserialization flaw. This is exploitable by sending maliciously crafted JSON input to the readValue method of the ObjectMapper, bypassing a blacklist that is ineffective if the c3p0 libraries are available in the classpath.
    last seen 2019-02-21
    modified 2018-11-29
    plugin id 119272
    published 2018-11-29
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=119272
    title FreeBSD : payara -- Default typing issue in Jackson Databind (93f8e0ff-f33d-11e8-be46-0019dbb15b3f)
  • NASL family Misc.
    NASL id ORACLE_WEBLOGIC_SERVER_CPU_JUL_2018.NASL
    description The version of Oracle WebLogic Server installed on the remote host is affected by multiple vulnerabilities: - An unspecified vulnerability in the Spring Framework (Sample Apps) subcomponent in Oracle WebLogic allows an unauthenticated, remote attacker to take over a WebLogic server. (CVE-2018-1275) - An unspecified vulnerability in the WLS Core Components subcomponent in Oracle WebLogic allows an unauthenticated, remote attacker to take over a WebLogic server. (CVE-2018-2893) - An unspecified vulnerability in the WLS - Web Services subcomponent in Oracle WebLogic allows an unauthenticated, remote attacker with HTTP access to compromise and take over a WebLogic server. (CVE-2018-2894) In addition, Oracle WebLogic Server is affected by several other lower scoring vulnerabilities in the WLS Core Components, JSF, SAML, and Console (jackson-databind) subcomponents. Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.
    last seen 2019-02-21
    modified 2018-12-21
    plugin id 111209
    published 2018-07-20
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=111209
    title Oracle WebLogic Server Multiple Vulnerabilities (July 2018 CPU)
redhat via4
advisories
  • rhsa
    id RHSA-2018:1447
  • rhsa
    id RHSA-2018:1448
  • rhsa
    id RHSA-2018:1449
  • rhsa
    id RHSA-2018:1450
  • rhsa
    id RHSA-2018:1451
  • rhsa
    id RHSA-2018:1786
  • rhsa
    id RHSA-2018:2088
  • rhsa
    id RHSA-2018:2089
  • rhsa
    id RHSA-2018:2090
  • rhsa
    id RHSA-2018:2938
  • rhsa
    id RHSA-2018:2939
refmap via4
bid 103203
confirm
debian DSA-4190
misc https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html
sectrack
  • 1040693
  • 1041890
Last major update 26-02-2018 - 10:29
Published 26-02-2018 - 10:29
Last modified 10-05-2019 - 16:19