FasterXML Jackson-databind Remote Code Execution Vulnerability
Published: 2018-02-26
Updated: 2019-10-17
Affected systems:
FasterXML jackson-databind < 2.7.9.3
FasterXML jackson-databind 2.9.x < 2.9.5
FasterXML jackson-databind 2.8.x < 2.8.11.1
Description:
BUGTRAQ ID: 103203
CVE(CAN) ID: CVE-2018-7489
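FasterXML Jackson is a data-processing tool for Java. jackson-databind is the component of it that provides data binding.
A security vulnerability exists in FasterXML Jackson-databind versions before 2.7.9.3, 2.8.x versions before 2.8.11.1, and 2.9.x versions before 2.9.5. A remote attacker can exploit it to execute code by sending maliciously crafted JSON input to the readValue method of ObjectMapper.
<*Source: unknown
*>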
Recommendation:
Vendor patch:
FasterXML
---------
The vendor has released an upgrade patch that fixes this security issue. Download it from the vendor's page:
https://github.com/FasterXML/jackson-databind/issues/1931
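To decide whether a build still needs the upgrade, the affected ranges listed above can be checked against a dependency listing. The following is an added example, not part of the original advisory or of the Jackson project; the sample listing is constructed in the style of `mvn dependency:list` output, and the function names are hypothetical.

```python
import re

# Fixed releases as listed in this advisory (CVE-2018-7489).
FIXED_27 = (2, 7, 9, 3)
FIXED_28 = (2, 8, 11, 1)
FIXED_29 = (2, 9, 5)

# Constructed sample in the style of `mvn dependency:list` output.
SAMPLE = """\
[INFO]    com.fasterxml.jackson.core:jackson-databind:jar:2.9.4:compile
[INFO]    com.fasterxml.jackson.core:jackson-core:jar:2.9.4:compile
[INFO]    com.fasterxml.jackson.core:jackson-databind:jar:2.8.11.1:runtime
[INFO]    com.fasterxml.jackson.core:jackson-databind:jar:2.7.9:compile
[INFO]    com.fasterxml.jackson.core:jackson-databind:jar:2.9.5:compile
"""

COORD = re.compile(r"com\.fasterxml\.jackson\.core:jackson-databind:jar:([^:\s]+)")


def parse_version(text):
    """Return the leading numeric components, e.g. '2.8.11.1' -> (2, 8, 11, 1).
    Qualifiers such as '-SNAPSHOT' or '.pr1' are ignored (simplification)."""
    m = re.match(r"\d+(?:\.\d+)*", text)
    if not m:
        raise ValueError("not a version: %r" % text)
    return tuple(int(part) for part in m.group().split("."))


def is_affected(version):
    """True if the version falls in a range this advisory lists as affected."""
    v = parse_version(version)
    if v < (2, 8):          # 2.7.x and everything older
        return v < FIXED_27
    if v < (2, 9):          # 2.8.x
        return v < FIXED_28
    if v < (2, 10):         # 2.9.x
        return v < FIXED_29
    return False            # later release lines are not listed as affected


def scan(dependency_listing):
    """Return the affected jackson-databind versions found in the listing."""
    found = COORD.findall(dependency_listing)
    return [v for v in found if is_affected(v)]


if __name__ == "__main__":
    for version in scan(SAMPLE):
        print("affected jackson-databind:", version)
```

Coordinates that carry a classifier, and copies of the library bundled or shaded inside other jars, are not matched by this pattern and need a separate check.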
References:
URL:http://www.securityfocus.com/bid/103203
CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html
CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html
CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html
CONFIRM:https://github.com/FasterXML/jackson-databind/issues/1931
CONFIRM:https://security.netapp.com/advisory/ntap-20180328-0001/
CONFIRM:https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03902en_us
CONFIRM:https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html
DEBIAN:DSA-4190
URL:https://www.debian.org/security/2018/dsa-4190
MISC:https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html
MISC:https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html
REDHAT:RHSA-2018:1447
URL:https://access.redhat.com/errata/RHSA-2018:1447
REDHAT:RHSA-2018:1448
URL:https://access.redhat.com/errata/RHSA-2018:1448
REDHAT:RHSA-2018:1449
URL:https://access.redhat.com/errata/RHSA-2018:1449
REDHAT:RHSA-2018:1450
URL:https://access.redhat.com/errata/RHSA-2018:1450
REDHAT:RHSA-2018:1451
URL:https://access.redhat.com/errata/RHSA-2018:1451
REDHAT:RHSA-2018:1786
URL:https://access.redhat.com/errata/RHSA-2018:1786
REDHAT:RHSA-2018:2088
URL:https://access.redhat.com/errata/RHSA-2018:2088
REDHAT:RHSA-2018:2089
URL:https://access.redhat.com/errata/RHSA-2018:2089
REDHAT:RHSA-2018:2090
URL:https://access.redhat.com/errata/RHSA-2018:2090
REDHAT:RHSA-2018:2938
URL:https://access.redhat.com/errata/RHSA-2018:2938
REDHAT:RHSA-2018:2939
URL:https://access.redhat.com/errata/RHSA-2018:2939
REDHAT:RHSA-2019:2858
URL:https://access.redhat.com/errata/RHSA-2019:2858
SECTRACK:1040693
URL:http://www.securitytracker.com/id/1040693
SECTRACK:1041890
URL:http://www.securitytracker.com/id/1041890
