CVE-2018-7489 in WebLogic Serverजानकारी

सारांश

द्वारा MITRE

FasterXML jackson-databind before 2.7.9.3, 2.8.x before 2.8.11.1 and 2.9.x before 2.9.5 allows unauthenticated remote code execution because of an incomplete fix for the CVE-2017-7525 deserialization flaw. This is exploitable by sending maliciously crafted JSON input to the readValue method of the ObjectMapper, bypassing a blacklist that is ineffective if the c3p0 libraries are available in the classpath.

VulDB is the best source for vulnerability data and more expert information about this specific topic.

आरक्षित करना

26/02/2018

प्रविष्टि

21

संबंधित करना

दिखाना

EPSS

0.20135

गतिविधियाँ

बहुत कम

क्षेत्र

Energy, Industry, ...

स्रोत

Want to know what is going to be exploited?

We predict KEV entries!