CVE-2017-7525
Published at: 06-02-2018 04:29
Last modified: 12-04-2022 06:17
Total changes: 7
Description
Common Vulnerability Scoring System (CVSS)
- Attack complexity: Low
- Attack vector: Network
- Availability: High
- Confidentiality: High
- Integrity: High
- Privileges required: None
- Scope: Unchanged
- User interaction: None
- Base score: 9.8
- Exploitability score: 3.9
- Impact score: 5.9
Reference
- https://github.com/FasterXML/jackson-databind/issues/1599
- https://github.com/FasterXML/jackson-databind/issues/1723
- https://bugzilla.redhat.com/show_bug.cgi?id=1462702
- DSA-4004 (Third Party Advisory)
- https://security.netapp.com/advisory/ntap-20171214-0002/
- RHSA-2017:3458 (Third Party Advisory)
- RHSA-2017:3456 (Third Party Advisory)
- RHSA-2017:3455 (Third Party Advisory)
- RHSA-2017:3454 (Third Party Advisory)
- RHSA-2017:3141 (Third Party Advisory)
- RHSA-2017:2638 (Third Party Advisory)
- RHSA-2017:2637 (Third Party Advisory)
- RHSA-2017:2636 (Third Party Advisory)
- RHSA-2017:2635 (Third Party Advisory)
- RHSA-2017:2633 (Third Party Advisory)
- RHSA-2017:2547 (Third Party Advisory)
- RHSA-2017:2546 (Third Party Advisory)
- RHSA-2017:2477 (Third Party Advisory)
- RHSA-2017:1840 (Third Party Advisory)
- RHSA-2017:1839 (Third Party Advisory)
- RHSA-2017:1837 (Third Party Advisory)
- RHSA-2017:1836 (Third Party Advisory)
- RHSA-2017:1835 (Third Party Advisory)
- RHSA-2017:1834 (Third Party Advisory)
- 1039947 (Third Party Advisory, VDB Entry)
- 1039744 (Third Party Advisory, VDB Entry)
- 99623 (Third Party Advisory, VDB Entry)
- https://cwiki.apache.org/confluence/display/WW/S2-055
- RHSA-2018:0294 (Third Party Advisory)
- 1040360 (Third Party Advisory, VDB Entry)
- RHSA-2018:0342 (Third Party Advisory)
- http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html
- RHSA-2018:1450 (Third Party Advisory)
- RHSA-2018:1449 (Third Party Advisory)
- http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html
- https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03902en_us
- http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html
- https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html
- [lucene-dev] 20190325 [jira] [Closed] (SOLR-13110) CVE-2017-7525 Threat Level 9 Against Solr v7.6. org.codehaus.jackson : jackson-mapper-asl : 1.9.13. .A deserialization flaw was discovered in the jackson-databind, versions before 2.6.7.1, 2.7.9.1 and 2.8.9, ... (Mailing List, Third Party Advisory)
- [lucene-dev] 20190325 [jira] [Assigned] (SOLR-13110) CVE-2017-7525 Threat Level 9 Against Solr v7.6. org.codehaus.jackson : jackson-mapper-asl : 1.9.13. .A deserialization flaw was discovered in the jackson-databind, versions before 2.6.7.1, 2.7.9.1 and 2.8.9, ... (Mailing List, Third Party Advisory)
- [lucene-dev] 20190325 [jira] [Resolved] (SOLR-13110) CVE-2017-7525 Threat Level 9 Against Solr v7.6. org.codehaus.jackson : jackson-mapper-asl : 1.9.13. .A deserialization flaw was discovered in the jackson-databind, versions before 2.6.7.1, 2.7.9.1 and 2.8.9, ... (Mailing List, Third Party Advisory)
- [lucene-dev] 20190325 [jira] [Updated] (SOLR-13110) CVE-2017-7525 Threat Level 9 Against Solr v7.6. org.codehaus.jackson : jackson-mapper-asl : 1.9.13. .A deserialization flaw was discovered in the jackson-databind, versions before 2.6.7.1, 2.7.9.1 and 2.8.9, ... (Mailing List, Third Party Advisory)
- https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html
- RHSA-2019:0910 (Third Party Advisory)
- https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html
- RHSA-2019:2858 (Third Party Advisory)
- RHSA-2019:3149 (Third Party Advisory)
- [lucene-solr-user] 20190104 Re: SOLR v7 Security Issues Caused Denial of Use - Sonatype Application Composition Report (Mailing List, Third Party Advisory)
- [cassandra-commits] 20191113 [jira] [Created] (CASSANDRA-15416) CVE-2017-7525 ( jackson-databind is vulnerable to Remote Code Execution) on version 3.11.4 (Mailing List, Third Party Advisory)
- [druid-commits] 20191115 [GitHub] [incubator-druid] ccaominh opened a new pull request #8878: Address security vulnerabilities (Mailing List, Third Party Advisory)
- [lucene-solr-user] 20191218 CVE-2017-7525 fix for Solr 7.7.x (Mailing List, Third Party Advisory)
- [lucene-solr-user] 20191218 Re: CVE-2017-7525 fix for Solr 7.7.x (Mailing List, Third Party Advisory)
- [lucene-solr-user] 20191219 Re: CVE-2017-7525 fix for Solr 7.7.x (Mailing List, Third Party Advisory)
- [debian-lts-announce] 20200131 [SECURITY] [DLA 2091-1] libjackson-json-java security update (Mailing List, Third Party Advisory)
- [debian-lts-announce] 20200824 [SECURITY] [DLA 2342-1] libjackson-json-java security update (Mailing List, Third Party Advisory)
- https://www.oracle.com/security-alerts/cpuoct2020.html
- [spark-issues] 20210223 [jira] [Created] (SPARK-34511) Current Security vulnerabilities in spark libraries (Mailing List, Third Party Advisory)
- [cassandra-commits] 20210927 [jira] [Commented] (CASSANDRA-15416) CVE-2017-7525 ( jackson-databind is vulnerable to Remote Code Execution) on version 3.11.4 (Mailing List, Third Party Advisory)
- [cassandra-commits] 20210927 [jira] [Updated] (CASSANDRA-15416) CVE-2017-7525 ( jackson-databind is vulnerable to Remote Code Execution) on version 3.11.4 (Mailing List, Third Party Advisory)