CVE-2017-7525

9.8

CRITICAL

Jackson Databind Deserialization Code Execution Vulnerability

Description

A deserialization flaw was discovered in the jackson-databind, versions before 2.6.7.1, 2.7.9.1 and 2.8.9, which could allow an unauthenticated user to perform code execution by sending the maliciously crafted input to the readValue method of the ObjectMapper.

INFO

Published Date :

Feb. 6, 2018, 3:29 p.m.

Last Modified :

Nov. 7, 2023, 2:50 a.m.

Source :

[email protected]

Remotely Exploitable :

Yes !

Impact Score :

5.9

Exploitability Score :

3.9 Public PoC/Exploit Available at Github

CVE-2017-7525 has a 57 public PoC/Exploit available at Github. Go to the Public Exploits tab to see the list.

Affected Products

The following products are affected by CVE-2017-7525 vulnerability. Even if cvefeed.io is aware of the exact versions of the products that are affected, the information is not represented in the table below.

ID	Vendor	Product
1	Oracle	primavera_unifier
2	Oracle	communications_billing_and_revenue_management
3	Oracle	webcenter_portal
4	Oracle	banking_platform
5	Oracle	communications_instant_messaging_server
6	Oracle	communications_diameter_signaling_route
7	Oracle	financial_services_analytical_applications_infrastructure
8	Oracle	enterprise_manager_for_virtualization
9	Oracle	global_lifecycle_management_opatchauto
10	Oracle	utilities_advanced_spatial_and_operational_analytics
11	Oracle	communications_communications_policy_management
1	Redhat	openshift_container_platform
2	Redhat	virtualization
3	Redhat	virtualization_host
4	Redhat	jboss_enterprise_application_platform
1	Netapp	oncommand_balance
2	Netapp	oncommand_performance_manager
3	Netapp	snapcenter
4	Netapp	oncommand_shift
1	Debian	debian_linux
1	Fasterxml	jackson-databind

: Total Affected Vendor : 5 | Products : 21

References to Advisories, Solutions, and Tools

Here, you will find a curated list of external links that provide in-depth information, practical solutions, and valuable tools related to CVE-2017-7525.

URL	Resource
http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html	Patch Third Party Advisory
http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html	Patch Third Party Advisory
http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html	Patch Third Party Advisory
http://www.securityfocus.com/bid/99623	Third Party Advisory VDB Entry
http://www.securitytracker.com/id/1039744	Third Party Advisory VDB Entry
http://www.securitytracker.com/id/1039947	Third Party Advisory VDB Entry
http://www.securitytracker.com/id/1040360	Third Party Advisory VDB Entry
https://access.redhat.com/errata/RHSA-2017:1834	Third Party Advisory
https://access.redhat.com/errata/RHSA-2017:1835	Third Party Advisory
https://access.redhat.com/errata/RHSA-2017:1836	Third Party Advisory
https://access.redhat.com/errata/RHSA-2017:1837	Third Party Advisory
https://access.redhat.com/errata/RHSA-2017:1839	Third Party Advisory
https://access.redhat.com/errata/RHSA-2017:1840	Third Party Advisory
https://access.redhat.com/errata/RHSA-2017:2477	Third Party Advisory
https://access.redhat.com/errata/RHSA-2017:2546	Third Party Advisory
https://access.redhat.com/errata/RHSA-2017:2547	Third Party Advisory
https://access.redhat.com/errata/RHSA-2017:2633	Third Party Advisory
https://access.redhat.com/errata/RHSA-2017:2635	Third Party Advisory
https://access.redhat.com/errata/RHSA-2017:2636	Third Party Advisory
https://access.redhat.com/errata/RHSA-2017:2637	Third Party Advisory
https://access.redhat.com/errata/RHSA-2017:2638	Third Party Advisory
https://access.redhat.com/errata/RHSA-2017:3141	Third Party Advisory
https://access.redhat.com/errata/RHSA-2017:3454	Third Party Advisory
https://access.redhat.com/errata/RHSA-2017:3455	Third Party Advisory
https://access.redhat.com/errata/RHSA-2017:3456	Third Party Advisory
https://access.redhat.com/errata/RHSA-2017:3458	Third Party Advisory
https://access.redhat.com/errata/RHSA-2018:0294	Third Party Advisory
https://access.redhat.com/errata/RHSA-2018:0342	Third Party Advisory
https://access.redhat.com/errata/RHSA-2018:1449	Third Party Advisory
https://access.redhat.com/errata/RHSA-2018:1450	Third Party Advisory
https://access.redhat.com/errata/RHSA-2019:0910	Third Party Advisory
https://access.redhat.com/errata/RHSA-2019:2858	Third Party Advisory
https://access.redhat.com/errata/RHSA-2019:3149	Third Party Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=1462702	Issue Tracking Third Party Advisory
https://cwiki.apache.org/confluence/display/WW/S2-055	Third Party Advisory
https://github.com/FasterXML/jackson-databind/issues/1599	Issue Tracking Patch Third Party Advisory
https://github.com/FasterXML/jackson-databind/issues/1723	Issue Tracking Third Party Advisory
https://lists.apache.org/thread.html/3c87dc8bca99a2b3b4743713b33d1de05b1d6b761fdf316224e9c81f%40%3Cdev.lucene.apache.org%3E
https://lists.apache.org/thread.html/4641ed8616ccc2c1fbddac2c3dc9900c96387bc226eaf0232d61909b%40%3Ccommits.cassandra.apache.org%3E
https://lists.apache.org/thread.html/5008bcbd45ee65ce39e4220b6ac53d28a24d6bc67d5804e9773a7399%40%3Csolr-user.lucene.apache.org%3E
https://lists.apache.org/thread.html/708d94141126eac03011144a971a6411fcac16d9c248d1d535a39451%40%3Csolr-user.lucene.apache.org%3E
https://lists.apache.org/thread.html/9317fd092b257a0815434b116a8af8daea6e920b6673f4fd5583d5fe%40%3Ccommits.druid.apache.org%3E
https://lists.apache.org/thread.html/b1f33fe5ade396bb903fdcabe9f243f7692c7dfce5418d3743c2d346%40%3Cdev.lucene.apache.org%3E
https://lists.apache.org/thread.html/c10a2bf0fdc3d25faf17bd191d6ec46b29a353fa9c97bebd7c4e5913%40%3Cdev.lucene.apache.org%3E
https://lists.apache.org/thread.html/c2ed4c0126b43e324cf740012a0edd371fd36096fd777be7bfe7a2a6%40%3Cdev.lucene.apache.org%3E
https://lists.apache.org/thread.html/c9d5ff20929e8a3c8794facf4c4b326a9c10618812eec356caa20b87%40%3Csolr-user.lucene.apache.org%3E
https://lists.apache.org/thread.html/f095a791bda6c0595f691eddd0febb2d396987eec5cbd29120d8c629%40%3Csolr-user.lucene.apache.org%3E
https://lists.apache.org/thread.html/f60afd3c7e9ebaaf70fad4a4beb75cf8740ac959017a31e7006c7486%40%3Cdev.lucene.apache.org%3E
https://lists.apache.org/thread.html/r42ac3e39e6265db12d9fc6ae1cd4b5fea7aed9830dc6f6d58228fed7%40%3Ccommits.cassandra.apache.org%3E
https://lists.apache.org/thread.html/r68acf97f4526ba59a33cc6e592261ea4f85d890f99e79c82d57dd589%40%3Cissues.spark.apache.org%3E
https://lists.apache.org/thread.html/rf7f87810c38dc9abf9f93989f76008f504cbf7c1a355214640b2d04c%40%3Ccommits.cassandra.apache.org%3E
https://lists.debian.org/debian-lts-announce/2020/01/msg00037.html	Mailing List Third Party Advisory
https://lists.debian.org/debian-lts-announce/2020/08/msg00039.html	Mailing List Third Party Advisory
https://security.netapp.com/advisory/ntap-20171214-0002/	Third Party Advisory
https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03902en_us	Third Party Advisory
https://www.debian.org/security/2017/dsa-4004	Third Party Advisory
https://www.oracle.com/security-alerts/cpuoct2020.html	Third Party Advisory
https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html	Patch Third Party Advisory
https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html	Patch Third Party Advisory
https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html	Patch Third Party Advisory

We scan GitHub repositories to detect new proof-of-concept exploits. Following list is a collection of public exploits and proof-of-concepts, which have been published on GitHub (sorted by the most recently updated).

XiaomingX/awesome-poc-for-red-team

None

Updated: 4 days, 14 hours ago

0 stars 2 fork 2 watcher

Born at : Nov. 17, 2024, 11:53 a.m. This repo has been linked 414 different CVEs too.

atul-joshi-aera/jackson-2017-7525

None

Java

Updated: 1 month ago

0 stars 0 fork 0 watcher

Born at : Oct. 1, 2024, 7:52 a.m. This repo has been linked 1 different CVEs too.

bakery312/Vulhub-Reproduce

None

Updated: 9 months, 3 weeks ago

0 stars 0 fork 0 watcher

Born at : Jan. 26, 2024, 10:07 a.m. This repo has been linked 161 different CVEs too.

ongamse/Scala

None

Java Scala HTML Python JavaScript Shell

Updated: 11 months ago

0 stars 0 fork 0 watcher

Born at : Dec. 18, 2023, 3:58 p.m. This repo has been linked 2 different CVEs too.

softrams/cve-risk-scores

Check CVSS v3.1 and EPSS scores for a given CVE ID and whether its in CISA KEV catalog

cisa-kev cve cvssv3 epss nvd risk-assessment vulnerabilities supply-chain-security

JavaScript

Updated: 1 year ago

0 stars 0 fork 0 watcher

Born at : Oct. 25, 2023, 11:02 p.m. This repo has been linked 2 different CVEs too.

Jake-Schoellkopf/Insecure-Java-Deserialization

None

Updated: 2 months, 3 weeks ago

3 stars 0 fork 0 watcher

Born at : Oct. 6, 2023, 11:53 a.m. This repo has been linked 3 different CVEs too.

hktalent/bug-bounty

bounty collection

Shell Python Dockerfile Ruby JavaScript ASP.NET Classic ASP HTML PHP Jupyter Notebook

Updated: 2 months, 2 weeks ago

26 stars 4 fork 4 watcher

Born at : Sept. 11, 2023, 11:19 a.m. This repo has been linked 234 different CVEs too.

seal-community/patches

A centralized repository of standalone security patches for open source libraries.

appsec backport cve devsecops fix hotfix open-source patch protection remediation seal security update upgrade vulnerability

Updated: 4 months, 3 weeks ago

182 stars 0 fork 0 watcher

Born at : July 30, 2023, 4:46 p.m. This repo has been linked 265 different CVEs too.

lnick2023/nicenice

None

Updated: 1 year, 10 months ago

0 stars 0 fork 0 watcher

Born at : Jan. 11, 2023, 1:21 p.m. This repo has been linked 1042 different CVEs too.

GhostTroops/myhktools

struts2全套Exp

struts2-exp

Java Python JavaScript Shell Batchfile VBScript Perl HTML

Updated: 7 months, 2 weeks ago

5 stars 1 fork 1 watcher

Born at : Dec. 21, 2022, 3:15 a.m. This repo has been linked 31 different CVEs too.

readloud/Awesome-Stars

A curated list of my GitHub stars! Generated by starred

Updated: 11 months, 1 week ago

1 stars 0 fork 0 watcher

Born at : Oct. 8, 2022, 12:38 p.m. This repo has been linked 62 different CVEs too.

touchmycrazyredhat/myhktools

None

Java Python JavaScript Shell Batchfile VBScript Perl HTML

Updated: 3 months, 1 week ago

0 stars 0 fork 0 watcher

Born at : Sept. 5, 2022, 2:10 p.m. This repo has been linked 31 different CVEs too.

Drun1baby/JavaSecurityLearning

记录一下 Java 安全学习历程，也算是半条学习路线了

java

Java CSS HTML Python JavaScript FreeMarker Dockerfile C Scala

Updated: 2 months, 2 weeks ago

906 stars 92 fork 92 watcher

Born at : July 11, 2022, 10:06 a.m. This repo has been linked 10 different CVEs too.

xbl2022/awesome-hacking-lists

None

Updated: 2 years, 6 months ago

0 stars 0 fork 0 watcher

Born at : April 30, 2022, 6:06 p.m. This repo has been linked 55 different CVEs too.

killvxk/Awesome-Exploit

一个漏洞利用工具仓库

Python PHP Java C Makefile C++ Dockerfile Shell Perl RPC

Updated: 2 years, 6 months ago

0 stars 72 fork 72 watcher

Born at : April 22, 2022, 10:21 a.m. This repo has been linked 48 different CVEs too.

Results are limited to the first 15 repositories due to potential performance issues.

The following list is the news that have been mention CVE-2017-7525 vulnerability anywhere in the article.

The following table lists the changes that have been made to the CVE-2017-7525 vulnerability over time.

Vulnerability history details can be useful for understanding the evolution of a vulnerability, and for identifying the most recent changes that may impact the vulnerability's severity, exploitability, or other characteristics.

Action	Type	Old Value	New Value
Added	Reference		Red Hat, Inc. https://lists.apache.org/thread.html/708d94141126eac03011144a971a6411fcac16d9c248d1d535a39451%40%3Csolr-user.lucene.apache.org%3E [No types assigned]
Added	Reference		Red Hat, Inc. https://lists.apache.org/thread.html/f60afd3c7e9ebaaf70fad4a4beb75cf8740ac959017a31e7006c7486%40%3Cdev.lucene.apache.org%3E [No types assigned]
Added	Reference		Red Hat, Inc. https://lists.apache.org/thread.html/3c87dc8bca99a2b3b4743713b33d1de05b1d6b761fdf316224e9c81f%40%3Cdev.lucene.apache.org%3E [No types assigned]
Added	Reference		Red Hat, Inc. https://lists.apache.org/thread.html/c2ed4c0126b43e324cf740012a0edd371fd36096fd777be7bfe7a2a6%40%3Cdev.lucene.apache.org%3E [No types assigned]
Added	Reference		Red Hat, Inc. https://lists.apache.org/thread.html/c10a2bf0fdc3d25faf17bd191d6ec46b29a353fa9c97bebd7c4e5913%40%3Cdev.lucene.apache.org%3E [No types assigned]
Added	Reference		Red Hat, Inc. https://lists.apache.org/thread.html/b1f33fe5ade396bb903fdcabe9f243f7692c7dfce5418d3743c2d346%40%3Cdev.lucene.apache.org%3E [No types assigned]
Added	Reference		Red Hat, Inc. https://lists.apache.org/thread.html/4641ed8616ccc2c1fbddac2c3dc9900c96387bc226eaf0232d61909b%40%3Ccommits.cassandra.apache.org%3E [No types assigned]
Added	Reference		Red Hat, Inc. https://lists.apache.org/thread.html/9317fd092b257a0815434b116a8af8daea6e920b6673f4fd5583d5fe%40%3Ccommits.druid.apache.org%3E [No types assigned]
Added	Reference		Red Hat, Inc. https://lists.apache.org/thread.html/5008bcbd45ee65ce39e4220b6ac53d28a24d6bc67d5804e9773a7399%40%3Csolr-user.lucene.apache.org%3E [No types assigned]
Added	Reference		Red Hat, Inc. https://lists.apache.org/thread.html/c9d5ff20929e8a3c8794facf4c4b326a9c10618812eec356caa20b87%40%3Csolr-user.lucene.apache.org%3E [No types assigned]
Added	Reference		Red Hat, Inc. https://lists.apache.org/thread.html/f095a791bda6c0595f691eddd0febb2d396987eec5cbd29120d8c629%40%3Csolr-user.lucene.apache.org%3E [No types assigned]
Added	Reference		Red Hat, Inc. https://lists.apache.org/thread.html/r68acf97f4526ba59a33cc6e592261ea4f85d890f99e79c82d57dd589%40%3Cissues.spark.apache.org%3E [No types assigned]
Added	Reference		Red Hat, Inc. https://lists.apache.org/thread.html/rf7f87810c38dc9abf9f93989f76008f504cbf7c1a355214640b2d04c%40%3Ccommits.cassandra.apache.org%3E [No types assigned]
Added	Reference		Red Hat, Inc. https://lists.apache.org/thread.html/r42ac3e39e6265db12d9fc6ae1cd4b5fea7aed9830dc6f6d58228fed7%40%3Ccommits.cassandra.apache.org%3E [No types assigned]
Removed	Reference	Red Hat, Inc. https://lists.apache.org/thread.html/f60afd3c7e9ebaaf70fad4a4beb75cf8740ac959017a31e7006c7486@%3Cdev.lucene.apache.org%3E
Removed	Reference	Red Hat, Inc. https://lists.apache.org/thread.html/c2ed4c0126b43e324cf740012a0edd371fd36096fd777be7bfe7a2a6@%3Cdev.lucene.apache.org%3E
Removed	Reference	Red Hat, Inc. https://lists.apache.org/thread.html/c10a2bf0fdc3d25faf17bd191d6ec46b29a353fa9c97bebd7c4e5913@%3Cdev.lucene.apache.org%3E
Removed	Reference	Red Hat, Inc. https://lists.apache.org/thread.html/3c87dc8bca99a2b3b4743713b33d1de05b1d6b761fdf316224e9c81f@%3Cdev.lucene.apache.org%3E
Removed	Reference	Red Hat, Inc. https://lists.apache.org/thread.html/b1f33fe5ade396bb903fdcabe9f243f7692c7dfce5418d3743c2d346@%3Cdev.lucene.apache.org%3E
Removed	Reference	Red Hat, Inc. https://lists.apache.org/thread.html/708d94141126eac03011144a971a6411fcac16d9c248d1d535a39451@%3Csolr-user.lucene.apache.org%3E
Removed	Reference	Red Hat, Inc. https://lists.apache.org/thread.html/4641ed8616ccc2c1fbddac2c3dc9900c96387bc226eaf0232d61909b@%3Ccommits.cassandra.apache.org%3E
Removed	Reference	Red Hat, Inc. https://lists.apache.org/thread.html/9317fd092b257a0815434b116a8af8daea6e920b6673f4fd5583d5fe@%3Ccommits.druid.apache.org%3E
Removed	Reference	Red Hat, Inc. https://lists.apache.org/thread.html/5008bcbd45ee65ce39e4220b6ac53d28a24d6bc67d5804e9773a7399@%3Csolr-user.lucene.apache.org%3E
Removed	Reference	Red Hat, Inc. https://lists.apache.org/thread.html/c9d5ff20929e8a3c8794facf4c4b326a9c10618812eec356caa20b87@%3Csolr-user.lucene.apache.org%3E
Removed	Reference	Red Hat, Inc. https://lists.apache.org/thread.html/f095a791bda6c0595f691eddd0febb2d396987eec5cbd29120d8c629@%3Csolr-user.lucene.apache.org%3E
Removed	Reference	Red Hat, Inc. https://lists.apache.org/thread.html/r68acf97f4526ba59a33cc6e592261ea4f85d890f99e79c82d57dd589@%3Cissues.spark.apache.org%3E
Removed	Reference	Red Hat, Inc. https://lists.apache.org/thread.html/rf7f87810c38dc9abf9f93989f76008f504cbf7c1a355214640b2d04c@%3Ccommits.cassandra.apache.org%3E
Removed	Reference	Red Hat, Inc. https://lists.apache.org/thread.html/r42ac3e39e6265db12d9fc6ae1cd4b5fea7aed9830dc6f6d58228fed7@%3Ccommits.cassandra.apache.org%3E

Action	Type	Old Value	New Value
Changed	Reference Type	http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html Third Party Advisory	http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html Patch, Third Party Advisory
Changed	Reference Type	http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html Third Party Advisory	http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html Patch, Third Party Advisory
Changed	Reference Type	http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html Third Party Advisory	http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html Patch, Third Party Advisory
Changed	Reference Type	https://lists.apache.org/thread.html/r42ac3e39e6265db12d9fc6ae1cd4b5fea7aed9830dc6f6d58228fed7@%3Ccommits.cassandra.apache.org%3E No Types Assigned	https://lists.apache.org/thread.html/r42ac3e39e6265db12d9fc6ae1cd4b5fea7aed9830dc6f6d58228fed7@%3Ccommits.cassandra.apache.org%3E Mailing List, Third Party Advisory
Changed	Reference Type	https://lists.apache.org/thread.html/rf7f87810c38dc9abf9f93989f76008f504cbf7c1a355214640b2d04c@%3Ccommits.cassandra.apache.org%3E No Types Assigned	https://lists.apache.org/thread.html/rf7f87810c38dc9abf9f93989f76008f504cbf7c1a355214640b2d04c@%3Ccommits.cassandra.apache.org%3E Mailing List, Third Party Advisory
Changed	Reference Type	https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html Third Party Advisory	https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html Patch, Third Party Advisory
Changed	Reference Type	https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html Third Party Advisory	https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html Patch, Third Party Advisory
Changed	Reference Type	https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html Third Party Advisory	https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html Patch, Third Party Advisory
Removed	CPE Configuration	OR cpe:2.3:a:apache:struts::::::::* versions from (including) 2.5 up to (including) 2.5.14

Action	Type	Old Value	New Value
Removed	CVSS V3	NIST AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Added	CVSS V3.1		NIST AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Changed	Reference Type	http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html Patch, Third Party Advisory	http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html Third Party Advisory
Changed	Reference Type	http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html Patch, Third Party Advisory	http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html Third Party Advisory
Changed	Reference Type	http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html Patch, Third Party Advisory	http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html Third Party Advisory
Changed	Reference Type	https://access.redhat.com/errata/RHSA-2019:2858 No Types Assigned	https://access.redhat.com/errata/RHSA-2019:2858 Third Party Advisory
Changed	Reference Type	https://access.redhat.com/errata/RHSA-2019:3149 No Types Assigned	https://access.redhat.com/errata/RHSA-2019:3149 Third Party Advisory
Changed	Reference Type	https://github.com/FasterXML/jackson-databind/issues/1599 Issue Tracking	https://github.com/FasterXML/jackson-databind/issues/1599 Issue Tracking, Patch, Third Party Advisory
Changed	Reference Type	https://lists.apache.org/thread.html/4641ed8616ccc2c1fbddac2c3dc9900c96387bc226eaf0232d61909b@%3Ccommits.cassandra.apache.org%3E No Types Assigned	https://lists.apache.org/thread.html/4641ed8616ccc2c1fbddac2c3dc9900c96387bc226eaf0232d61909b@%3Ccommits.cassandra.apache.org%3E Mailing List, Third Party Advisory
Changed	Reference Type	https://lists.apache.org/thread.html/5008bcbd45ee65ce39e4220b6ac53d28a24d6bc67d5804e9773a7399@%3Csolr-user.lucene.apache.org%3E No Types Assigned	https://lists.apache.org/thread.html/5008bcbd45ee65ce39e4220b6ac53d28a24d6bc67d5804e9773a7399@%3Csolr-user.lucene.apache.org%3E Mailing List, Third Party Advisory
Changed	Reference Type	https://lists.apache.org/thread.html/708d94141126eac03011144a971a6411fcac16d9c248d1d535a39451@%3Csolr-user.lucene.apache.org%3E No Types Assigned	https://lists.apache.org/thread.html/708d94141126eac03011144a971a6411fcac16d9c248d1d535a39451@%3Csolr-user.lucene.apache.org%3E Third Party Advisory
Changed	Reference Type	https://lists.apache.org/thread.html/9317fd092b257a0815434b116a8af8daea6e920b6673f4fd5583d5fe@%3Ccommits.druid.apache.org%3E No Types Assigned	https://lists.apache.org/thread.html/9317fd092b257a0815434b116a8af8daea6e920b6673f4fd5583d5fe@%3Ccommits.druid.apache.org%3E Mailing List, Third Party Advisory
Changed	Reference Type	https://lists.apache.org/thread.html/c9d5ff20929e8a3c8794facf4c4b326a9c10618812eec356caa20b87@%3Csolr-user.lucene.apache.org%3E No Types Assigned	https://lists.apache.org/thread.html/c9d5ff20929e8a3c8794facf4c4b326a9c10618812eec356caa20b87@%3Csolr-user.lucene.apache.org%3E Mailing List, Third Party Advisory
Changed	Reference Type	https://lists.apache.org/thread.html/f095a791bda6c0595f691eddd0febb2d396987eec5cbd29120d8c629@%3Csolr-user.lucene.apache.org%3E No Types Assigned	https://lists.apache.org/thread.html/f095a791bda6c0595f691eddd0febb2d396987eec5cbd29120d8c629@%3Csolr-user.lucene.apache.org%3E Mailing List, Third Party Advisory
Changed	Reference Type	https://lists.debian.org/debian-lts-announce/2020/01/msg00037.html No Types Assigned	https://lists.debian.org/debian-lts-announce/2020/01/msg00037.html Third Party Advisory
Changed	Reference Type	https://lists.debian.org/debian-lts-announce/2020/08/msg00039.html No Types Assigned	https://lists.debian.org/debian-lts-announce/2020/08/msg00039.html Third Party Advisory
Changed	Reference Type	https://www.oracle.com/security-alerts/cpuoct2020.html No Types Assigned	https://www.oracle.com/security-alerts/cpuoct2020.html Third Party Advisory
Changed	Reference Type	https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html Patch, Third Party Advisory	https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html Third Party Advisory
Changed	Reference Type	https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html Patch, Third Party Advisory	https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html Third Party Advisory
Changed	Reference Type	https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html Patch, Third Party Advisory	https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html Third Party Advisory
Changed	CPE Configuration	OR cpe:2.3:a:fasterxml:jackson-databind::::::::* versions from (including) 2.6.0 up to (excluding) 2.6.7.1 cpe:2.3:a:fasterxml:jackson-databind::::::::* versions from (including) 2.7.0 up to (excluding) 2.7.9.1 cpe:2.3:a:fasterxml:jackson-databind::::::::* versions from (including) 2.8.0 up to (excluding) 2.8.9	OR cpe:2.3:a:fasterxml:jackson-databind::::::::* versions from (including) 2.6.0 up to (excluding) 2.6.7.1 cpe:2.3:a:fasterxml:jackson-databind::::::::* versions from (including) 2.7.0 up to (excluding) 2.7.9.1 cpe:2.3:a:fasterxml:jackson-databind::::::::* versions from (including) 2.8.0 up to (excluding) 2.8.9 cpe:2.3:a:fasterxml:jackson-databind:2.9.0:prerelease1::::::* cpe:2.3:a:fasterxml:jackson-databind:2.9.0:prerelease2::::::*
Changed	CPE Configuration	OR cpe:2.3:a:fasterxml:jackson::::::::* versions from (including) 1.0.0 up to (including) 1.9	OR cpe:2.3:a:apache:struts::::::::* versions from (including) 2.5 up to (including) 2.5.14
Changed	CPE Configuration	OR cpe:2.3:a:redhat:jboss_enterprise_application_platform:6.0.0::::::: cpe:2.3:a:redhat:jboss_enterprise_application_platform:6.4.0::::::: cpe:2.3:a:redhat:jboss_enterprise_application_platform:7.0.0::::::: cpe:2.3:a:redhat:jboss_enterprise_application_platform:7.1.0::::::: cpe:2.3:a:redhat:virtualization_host:4.0:::::::	AND OR cpe:2.3:a:redhat:openshift_container_platform:4.1::::::: cpe:2.3:a:redhat:virtualization:4.0::::::: cpe:2.3:a:redhat:virtualization_host:4.0::::::: OR cpe:2.3:o:redhat:enterprise_linux_server:7.0:::::::*
Added	CPE Configuration		OR cpe:2.3:a:netapp:oncommand_balance:-::::::: cpe:2.3:a:netapp:oncommand_performance_manager:-:::::linux::* cpe:2.3:a:netapp:oncommand_performance_manager:-:::::vmware_vsphere::* cpe:2.3:a:netapp:oncommand_shift:-::::::: cpe:2.3:a:netapp:snapcenter:-:::::::
Added	CPE Configuration		AND OR cpe:2.3:a:redhat:jboss_enterprise_application_platform:6.0.0::::::: cpe:2.3:a:redhat:jboss_enterprise_application_platform:6.4.0::::::: cpe:2.3:a:redhat:jboss_enterprise_application_platform:7.0::::::: cpe:2.3:a:redhat:jboss_enterprise_application_platform:7.1::::::: OR cpe:2.3:o:redhat:enterprise_linux_server:6.0:::::::* cpe:2.3:o:redhat:enterprise_linux_server:7.0:::::::*
Added	CPE Configuration		AND OR cpe:2.3:a:redhat:jboss_enterprise_application_platform:6.0.0::::::: cpe:2.3:a:redhat:jboss_enterprise_application_platform:6.4.0::::::: OR cpe:2.3:o:redhat:enterprise_linux_server:5.0:::::::*
Added	CPE Configuration		OR cpe:2.3:a:redhat:openshift_container_platform:3.11:::::::
Added	CPE Configuration		OR cpe:2.3:a:oracle:banking_platform:2.5.0::::::: cpe:2.3:a:oracle:banking_platform:2.6.0::::::: cpe:2.3:a:oracle:banking_platform:2.6.1::::::: cpe:2.3:a:oracle:banking_platform:2.6.2::::::: cpe:2.3:a:oracle:communications_billing_and_revenue_management:7.5::::::: cpe:2.3:a:oracle:communications_billing_and_revenue_management:12.0::::::: cpe:2.3:a:oracle:communications_communications_policy_management::::::::* versions from (including) 12.0 up to (including) 12.5.2 cpe:2.3:a:oracle:communications_diameter_signaling_route::::::::* versions up to (excluding) 8.3 cpe:2.3:a:oracle:communications_instant_messaging_server:10.0.1::::::: cpe:2.3:a:oracle:communications_instant_messaging_server:10.0.1.2.0::::::: cpe:2.3:a:oracle:enterprise_manager_for_virtualization:13.2.2::::::: cpe:2.3:a:oracle:enterprise_manager_for_virtualization:13.2.3::::::: cpe:2.3:a:oracle:enterprise_manager_for_virtualization:13.3.1::::::: cpe:2.3:a:oracle:financial_services_analytical_applications_infrastructure:8.0.2.0.0::::::: cpe:2.3:a:oracle:financial_services_analytical_applications_infrastructure:8.0.3.0.0::::::: cpe:2.3:a:oracle:financial_services_analytical_applications_infrastructure:8.0.4.0.0::::::: cpe:2.3:a:oracle:financial_services_analytical_applications_infrastructure:8.0.5.0.0::::::: cpe:2.3:a:oracle:financial_services_analytical_applications_infrastructure:8.0.6.0.0::::::: cpe:2.3:a:oracle:financial_services_analytical_applications_infrastructure:8.0.7.0.0::::::: cpe:2.3:a:oracle:global_lifecycle_management_opatchauto::::::::* versions up to (excluding) 12.2.0.1.14 cpe:2.3:a:oracle:primavera_unifier:16.1::::::: cpe:2.3:a:oracle:primavera_unifier:16.2::::::: cpe:2.3:a:oracle:primavera_unifier::::::::* versions from (including) 17.1 up to (including) 17.12 cpe:2.3:a:oracle:primavera_unifier:18.8::::::: cpe:2.3:a:oracle:utilities_advanced_spatial_and_operational_analytics:2.7.0.1::::::: cpe:2.3:a:oracle:webcenter_portal:12.2.1.3.0:::::::

Action	Type	Old Value	New Value
Added	CVSS V2		(AV:N/AC:L/Au:N/C:P/I:P/A:P)
Added	CVSS V3		AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Changed	Reference Type	https://access.redhat.com/errata/RHSA-2017:3141 No Types Assigned	https://access.redhat.com/errata/RHSA-2017:3141 Third Party Advisory
Changed	Reference Type	https://github.com/FasterXML/jackson-databind/issues/1599 No Types Assigned	https://github.com/FasterXML/jackson-databind/issues/1599 Issue Tracking
Changed	Reference Type	http://www.securitytracker.com/id/1040360 No Types Assigned	http://www.securitytracker.com/id/1040360 Third Party Advisory, VDB Entry
Changed	Reference Type	http://www.securitytracker.com/id/1039947 No Types Assigned	http://www.securitytracker.com/id/1039947 Third Party Advisory, VDB Entry
Changed	Reference Type	https://access.redhat.com/errata/RHSA-2017:1840 No Types Assigned	https://access.redhat.com/errata/RHSA-2017:1840 Third Party Advisory
Changed	Reference Type	https://access.redhat.com/errata/RHSA-2017:2477 No Types Assigned	https://access.redhat.com/errata/RHSA-2017:2477 Third Party Advisory
Changed	Reference Type	https://access.redhat.com/errata/RHSA-2017:2546 No Types Assigned	https://access.redhat.com/errata/RHSA-2017:2546 Third Party Advisory
Changed	Reference Type	https://access.redhat.com/errata/RHSA-2017:3458 No Types Assigned	https://access.redhat.com/errata/RHSA-2017:3458 Third Party Advisory
Changed	Reference Type	https://access.redhat.com/errata/RHSA-2017:2547 No Types Assigned	https://access.redhat.com/errata/RHSA-2017:2547 Third Party Advisory
Changed	Reference Type	https://access.redhat.com/errata/RHSA-2017:1835 No Types Assigned	https://access.redhat.com/errata/RHSA-2017:1835 Third Party Advisory
Changed	Reference Type	https://access.redhat.com/errata/RHSA-2017:1834 No Types Assigned	https://access.redhat.com/errata/RHSA-2017:1834 Third Party Advisory
Changed	Reference Type	http://www.securitytracker.com/id/1039744 No Types Assigned	http://www.securitytracker.com/id/1039744 Third Party Advisory, VDB Entry
Changed	Reference Type	https://access.redhat.com/errata/RHSA-2017:1837 No Types Assigned	https://access.redhat.com/errata/RHSA-2017:1837 Third Party Advisory
Changed	Reference Type	https://access.redhat.com/errata/RHSA-2017:1836 No Types Assigned	https://access.redhat.com/errata/RHSA-2017:1836 Third Party Advisory
Changed	Reference Type	https://access.redhat.com/errata/RHSA-2017:1839 No Types Assigned	https://access.redhat.com/errata/RHSA-2017:1839 Third Party Advisory
Changed	Reference Type	https://access.redhat.com/errata/RHSA-2018:0342 No Types Assigned	https://access.redhat.com/errata/RHSA-2018:0342 Third Party Advisory
Changed	Reference Type	https://bugzilla.redhat.com/show_bug.cgi?id=1462702 No Types Assigned	https://bugzilla.redhat.com/show_bug.cgi?id=1462702 Issue Tracking, Third Party Advisory
Changed	Reference Type	http://www.securityfocus.com/bid/99623 No Types Assigned	http://www.securityfocus.com/bid/99623 Third Party Advisory, VDB Entry
Changed	Reference Type	https://github.com/FasterXML/jackson-databind/issues/1723 No Types Assigned	https://github.com/FasterXML/jackson-databind/issues/1723 Issue Tracking, Third Party Advisory
Changed	Reference Type	https://www.debian.org/security/2017/dsa-4004 No Types Assigned	https://www.debian.org/security/2017/dsa-4004 Third Party Advisory
Changed	Reference Type	https://access.redhat.com/errata/RHSA-2017:3456 No Types Assigned	https://access.redhat.com/errata/RHSA-2017:3456 Third Party Advisory
Changed	Reference Type	https://access.redhat.com/errata/RHSA-2017:3454 No Types Assigned	https://access.redhat.com/errata/RHSA-2017:3454 Third Party Advisory
Changed	Reference Type	https://access.redhat.com/errata/RHSA-2017:3455 No Types Assigned	https://access.redhat.com/errata/RHSA-2017:3455 Third Party Advisory
Changed	Reference Type	https://security.netapp.com/advisory/ntap-20171214-0002/ No Types Assigned	https://security.netapp.com/advisory/ntap-20171214-0002/ Third Party Advisory
Changed	Reference Type	https://access.redhat.com/errata/RHSA-2017:2633 No Types Assigned	https://access.redhat.com/errata/RHSA-2017:2633 Third Party Advisory
Changed	Reference Type	https://access.redhat.com/errata/RHSA-2017:2636 No Types Assigned	https://access.redhat.com/errata/RHSA-2017:2636 Third Party Advisory
Changed	Reference Type	https://access.redhat.com/errata/RHSA-2017:2635 No Types Assigned	https://access.redhat.com/errata/RHSA-2017:2635 Third Party Advisory
Changed	Reference Type	https://access.redhat.com/errata/RHSA-2017:2638 No Types Assigned	https://access.redhat.com/errata/RHSA-2017:2638 Third Party Advisory
Changed	Reference Type	https://access.redhat.com/errata/RHSA-2017:2637 No Types Assigned	https://access.redhat.com/errata/RHSA-2017:2637 Third Party Advisory
Changed	Reference Type	https://cwiki.apache.org/confluence/display/WW/S2-055 No Types Assigned	https://cwiki.apache.org/confluence/display/WW/S2-055 Third Party Advisory
Changed	Reference Type	https://access.redhat.com/errata/RHSA-2018:0294 No Types Assigned	https://access.redhat.com/errata/RHSA-2018:0294 Third Party Advisory
Added	CWE		CWE-502
Added	CPE Configuration		OR cpe:2.3:a:fasterxml:jackson-databind::::::::* versions up to (excluding) 2.6.7.1 cpe:2.3:a:fasterxml:jackson-databind::::::::* versions from (including) 2.7.0 up to (excluding) 2.7.9.1 cpe:2.3:a:fasterxml:jackson-databind::::::::* versions from (including) 2.8.0 up to (excluding) 2.8.9
Added	CPE Configuration		OR cpe:2.3:o:debian:debian_linux:8.0::::::: cpe:2.3:o:debian:debian_linux:9.0:::::::

CVE-2017-7525

Jackson Databind Deserialization Code Execution Vulnerability

Description

INFO

Feb. 6, 2018, 3:29 p.m.

Nov. 7, 2023, 2:50 a.m.

Yes !

5.9

3.9

Public PoC/Exploit Available at Github

Affected Products

References to Advisories, Solutions, and Tools

CVE Modified by [email protected]

CVE Modified by [email protected]

Reanalysis by [email protected]

Modified Analysis by [email protected]

CVE Modified by [email protected]

CVE Modified by [email protected]

Modified Analysis by [email protected]

CVE Modified by [email protected]

Modified Analysis by [email protected]

CVE Modified by [email protected]

CPE Deprecation Remap by [email protected]

CVE Modified by [email protected]

CVE Modified by [email protected]

CVE Modified by [email protected]

CVE Modified by [email protected]

CVE Modified by [email protected]

CVE Modified by [email protected]

CVE Modified by [email protected]

CVE Modified by [email protected]

CVE Modified by [email protected]

CVE Modified by [email protected]

CVE Modified by [email protected]

Reanalysis by [email protected]

Modified Analysis by [email protected]

CVE Modified by [email protected]

CVE Modified by [email protected]

CVE Modified by [email protected]

CVE Modified by [email protected]

CVE Modified by [email protected]

CVE Modified by [email protected]

CVE Modified by [email protected]

CVE Modified by [email protected]

CVE Modified by [email protected]

Modified Analysis by [email protected]

CVE Modified by [email protected]

CVE Modified by [email protected]

CVE Modified by [email protected]

Initial Analysis by [email protected]

CVE Modified by [email protected]

CVE Modified by [email protected]

CVE Modified by [email protected]

CVE Modified by [email protected]

CVE Modified by [email protected]

CWE - Common Weakness Enumeration

Common Attack Pattern Enumeration and Classification (CAPEC)

Exploit Prediction

49.30 }} -7.81%

0.97557

CVSS31 - Vulnerability Scoring System

Theme Customizer

Layout

Vertical

Horizontal

Two Column

Color Scheme

Light

Dark

Layout Width

Fluid

Boxed

Layout Position

Topbar Color

Light

Dark

Sidebar Size

Default

Compact

Small (Icon View)