CVE-2017-7525: FasterXML Jackson 代码问题漏洞

获取后续新漏洞提醒登录后订阅

一、漏洞 CVE-2017-7525 基础信息

漏洞信息

对漏洞内容有疑问？看看神龙的深度分析是否有帮助！

查看神龙十问 ↗

尽管我们使用了先进的大模型技术，但其输出仍可能包含不准确或过时的信息。神龙努力确保数据的准确性，但请您根据实际情况进行核实和判断。

Vulnerability Title

N/A

来源: 美国国家漏洞数据库 NVD

Vulnerability Description

A deserialization flaw was discovered in the jackson-databind, versions before 2.6.7.1, 2.7.9.1 and 2.8.9, which could allow an unauthenticated user to perform code execution by sending the maliciously crafted input to the readValue method of the ObjectMapper.

来源: 美国国家漏洞数据库 NVD

CVSS Information

N/A

来源: 美国国家漏洞数据库 NVD

Vulnerability Type

不完整的黑名单

来源: 美国国家漏洞数据库 NVD

Vulnerability Title

FasterXML Jackson 代码问题漏洞

来源: 中国国家信息安全漏洞库 CNNVD

Vulnerability Description

FasterXML Jackson是美国FasterXML公司的一款适用于Java的数据处理工具。jackson-databind是其中的一个具有数据绑定功能的组件。 FasterXML jackson-databind 2.6.7.1之前版本、2.7.9.1版本和2.8.9版本中存在代码问题漏洞。该漏洞源于网络系统或产品的代码开发过程中存在设计或实现不当的问题。

来源: 中国国家信息安全漏洞库 CNNVD

CVSS Information

N/A

来源: 中国国家信息安全漏洞库 CNNVD

Vulnerability Type

N/A

来源: 中国国家信息安全漏洞库 CNNVD

受影响产品

厂商	产品	影响版本	CPE	订阅
FasterXML	jackson-databind	before 2.6.7.1	-

二、漏洞 CVE-2017-7525 的公开POC

#	POC 描述	源链接	神龙链接
1	Struts2の脆弱性S2-045, S2-055 および Jackson の脆弱性 CVE-2017-7525, CVE-2017-15095 の調査報告	https://github.com/SecureSkyTechnology/study-struts2-s2-054_055-jackson-cve-2017-7525_cve-2017-15095	POC详情
2	CVE-2017-7525 S2-055 Exploit	https://github.com/Nazicc/S2-055	POC详情
3	Exploiting CVE-2017-7525 demo project with Angular7 frontend and Spring.	https://github.com/JavanXD/Demo-Exploit-Jackson-RCE	POC详情
4	Demo for CVE-2017-7525	https://github.com/BassinD/jackson-RCE	POC详情
5	Jackson Deserialization CVE-2017-7525 PoC	https://github.com/Dannners/jackson-deserialization-2017-7525	POC详情
6	Insecure Java Deserialization Lab	https://github.com/Ingenuity-Fainting-Goats/CVE-2017-7525-Jackson-Deserialization-Lab	POC详情
7	None	https://github.com/Threekiii/Awesome-POC/blob/master/%E5%BC%80%E5%8F%91%E6%A1%86%E6%9E%B6%E6%BC%8F%E6%B4%9E/Jackson-databind%20%E5%8F%8D%E5%BA%8F%E5%88%97%E5%8C%96%E6%BC%8F%E6%B4%9E%20CVE-2017-7525%2BCVE-2017-17485.md	POC详情
8		https://github.com/vulhub/vulhub/blob/master/jackson/CVE-2017-7525/README.md	POC详情

AI 生成 POC高级

未找到公开 POC。

登录以生成 AI POC

三、漏洞 CVE-2017-7525 的情报信息

Please 登录 to view more intelligence information

https://github.com/FasterXML/jackson-databind/issues/1599x_refsource_CONFIRM
https://www.oracle.com/security-alerts/cpuoct2020.htmlx_refsource_MISC
https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.htmlx_refsource_MISC
https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.htmlx_refsource_MISC
https://bugzilla.redhat.com/show_bug.cgi?id=1462702x_refsource_CONFIRM
https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03902en_usx_refsource_CONFIRM
https://cwiki.apache.org/confluence/display/WW/S2-055x_refsource_CONFIRM
http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.htmlx_refsource_CONFIRM
https://github.com/FasterXML/jackson-databind/issues/1723x_refsource_CONFIRM
https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.htmlx_refsource_CONFIRM
http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.htmlx_refsource_CONFIRM
http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.htmlx_refsource_CONFIRM
http://www.securityfocus.com/bid/99623vdb-entryx_refsource_BID
http://www.securitytracker.com/id/1039947vdb-entryx_refsource_SECTRACK
http://www.securitytracker.com/id/1039744vdb-entryx_refsource_SECTRACK
http://www.securitytracker.com/id/1040360vdb-entryx_refsource_SECTRACK
https://www.debian.org/security/2017/dsa-4004vendor-advisoryx_refsource_DEBIAN
https://access.redhat.com/errata/RHSA-2017:1836vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2018:0342vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2019:3149vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2017:2638vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2019:0910vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2017:1839vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2017:2635vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2017:2633vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2017:3455vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2018:0294vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2018:1450vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2017:3454vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2017:2547vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2017:3456vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2017:2546vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2017:1834vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2019:2858vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2017:2636vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2018:1449vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2017:2477vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2017:1835vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2017:3141vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2017:1840vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2017:3458vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2017:2637vendor-advisoryx_refsource_REDHAT
https://lists.apache.org/thread.html/5008bcbd45ee65ce39e4220b6ac53d28a24d6bc67d5804e9773a7399%40%3Csolr-user.lucene.apache.org%3Emailing-listx_refsource_MLIST
https://lists.apache.org/thread.html/f095a791bda6c0595f691eddd0febb2d396987eec5cbd29120d8c629%40%3Csolr-user.lucene.apache.org%3Emailing-listx_refsource_MLIST
https://lists.apache.org/thread.html/c9d5ff20929e8a3c8794facf4c4b326a9c10618812eec356caa20b87%40%3Csolr-user.lucene.apache.org%3Emailing-listx_refsource_MLIST
https://lists.debian.org/debian-lts-announce/2020/08/msg00039.htmlmailing-listx_refsource_MLIST
https://lists.debian.org/debian-lts-announce/2020/01/msg00037.htmlmailing-listx_refsource_MLIST
https://lists.apache.org/thread.html/r68acf97f4526ba59a33cc6e592261ea4f85d890f99e79c82d57dd589%40%3Cissues.spark.apache.org%3Emailing-listx_refsource_MLIST
https://lists.apache.org/thread.html/708d94141126eac03011144a971a6411fcac16d9c248d1d535a39451%40%3Csolr-user.lucene.apache.org%3Emailing-listx_refsource_MLIST
https://lists.apache.org/thread.html/9317fd092b257a0815434b116a8af8daea6e920b6673f4fd5583d5fe%40%3Ccommits.druid.apache.org%3Emailing-listx_refsource_MLIST
https://lists.apache.org/thread.html/r42ac3e39e6265db12d9fc6ae1cd4b5fea7aed9830dc6f6d58228fed7%40%3Ccommits.cassandra.apache.org%3Emailing-listx_refsource_MLIST
https://lists.apache.org/thread.html/4641ed8616ccc2c1fbddac2c3dc9900c96387bc226eaf0232d61909b%40%3Ccommits.cassandra.apache.org%3Emailing-listx_refsource_MLIST
https://lists.apache.org/thread.html/rf7f87810c38dc9abf9f93989f76008f504cbf7c1a355214640b2d04c%40%3Ccommits.cassandra.apache.org%3Emailing-listx_refsource_MLIST
https://lists.apache.org/thread.html/c2ed4c0126b43e324cf740012a0edd371fd36096fd777be7bfe7a2a6%40%3Cdev.lucene.apache.org%3Emailing-listx_refsource_MLIST
https://lists.apache.org/thread.html/f60afd3c7e9ebaaf70fad4a4beb75cf8740ac959017a31e7006c7486%40%3Cdev.lucene.apache.org%3Emailing-listx_refsource_MLIST
https://lists.apache.org/thread.html/c10a2bf0fdc3d25faf17bd191d6ec46b29a353fa9c97bebd7c4e5913%40%3Cdev.lucene.apache.org%3Emailing-listx_refsource_MLIST
https://lists.apache.org/thread.html/3c87dc8bca99a2b3b4743713b33d1de05b1d6b761fdf316224e9c81f%40%3Cdev.lucene.apache.org%3Emailing-listx_refsource_MLIST
https://nvd.nist.gov/vuln/detail/CVE-2017-7525

IV. Related Vulnerabilities

Same product: jackson-databind

Same vendor: FasterXML

Same weakness: CWE-184

V. Comments for CVE-2017-7525

暂无评论

目标达成感谢每一位支持者 — 我们达成了 100% 目标！

一、漏洞 CVE-2017-7525 基础信息

漏洞信息

Vulnerability Title

Vulnerability Description

CVSS Information

Vulnerability Type

Vulnerability Title

Vulnerability Description

CVSS Information

Vulnerability Type

受影响产品

二、漏洞 CVE-2017-7525 的公开POC

三、漏洞 CVE-2017-7525 的情报信息

IV. Related Vulnerabilities

V. Comments for CVE-2017-7525

发表评论

目标达成 感谢每一位支持者 — 我们达成了 100% 目标！

一、 漏洞 CVE-2017-7525 基础信息

漏洞信息

Vulnerability Title

Vulnerability Description

CVSS Information

Vulnerability Type

Vulnerability Title

Vulnerability Description

CVSS Information

Vulnerability Type

受影响产品

二、漏洞 CVE-2017-7525 的公开POC

三、漏洞 CVE-2017-7525 的情报信息

IV. Related Vulnerabilities

V. Comments for CVE-2017-7525

发表评论

目标达成感谢每一位支持者 — 我们达成了 100% 目标！

一、漏洞 CVE-2017-7525 基础信息