CVE-2018-5968
Vulnerability Summary
Description
FasterXML jackson-databind through 2.8.11 and 2.9.x through 2.9.3 allows unauthenticated remote code execution because of an incomplete fix for the CVE-2017-7525 and CVE-2017-17485 deserialization flaws. This is exploitable via two different gadgets that bypass a blacklist.
CVSS Metrics
- v3.1•HIGH•Score: 8.1•CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
- v2.0•MEDIUM•Score: 6.8•AV:N/AC:M/Au:N/C:P/I:P/A:P
EPSS Trends
Current EPSS score: 1.97% • Percentile: 84%
Techniques & Countermeasures
- CWE-184•Incomplete List of Disallowed Inputs
The product implements a protection mechanism that relies on a list of inputs (or properties of inputs) that are not allowed by policy or otherwise require other action to neutralize before additional processing takes place, but the list is incomplete.
- CWE-502•Deserialization of Untrusted Data
The product deserializes untrusted data without sufficiently ensuring that the resulting data will be valid.
Affected Systems
- debian•debian_linux
8.0 | 9.0
- fasterxml•jackson-databind
≥ 2.0.0, < 2.6.7.3 | ≥ 2.7.0, < 2.7.9.2 | ≥ 2.8.0, < 2.8.11.1 | ≥ 2.9.0, < 2.9.4
- com.fasterxml.jackson.core•jackson-databind
≥ 2.8.0, < 2.8.11.1 | ≥ 2.9.0, < 2.9.4 | < 2.7.9.5
- netapp•e-series_santricity_os_controller
≥ 11.0.0, ≤ 11.60.3
- netapp•e-series_santricity_web_services_proxy
na
- netapp•oncommand_shift
na
- redhat•jboss_enterprise_application_platform
7.1
- redhat•openshift_container_platform
4.1 | 3.11
- redhat•virtualization
4.0
- redhat•virtualization_host
4.0
References (19)
- https://access.redhat.com/errata/RHSA-2018:0479
- https://access.redhat.com/errata/RHSA-2018:0481
- https://access.redhat.com/errata/RHSA-2018:1525
- https://access.redhat.com/errata/RHSA-2018:0480
- https://www.debian.org/security/2018/dsa-4114
- https://access.redhat.com/errata/RHSA-2018:0478
- https://access.redhat.com/errata/RHSA-2019:2858
- https://access.redhat.com/errata/RHSA-2019:3149
- https://www.oracle.com/security-alerts/cpuoct2020.html
- https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03902en_us
- https://security.netapp.com/advisory/ntap-20180423-0002/
- https://github.com/FasterXML/jackson-databind/issues/1899
- https://nvd.nist.gov/vuln/detail/CVE-2018-5968
- https://github.com/GulajavaMinistudio/jackson-databind/pull/92/commits/038b471e2efde2e8f96b4e0be958d3e5a1ff1d05
- https://github.com/FasterXML/jackson-databind/commit/454be8bb8c913be18298327a84ca45a280b61605
- https://github.com/FasterXML/jackson-databind/commit/038b471e2efde2e8f96b4e0be958d3e5a1ff1d0
- https://github.com/FasterXML/jackson-databind/commit/03ea0bec6293d4330b5ad19d1d62aca0e3cb6381
- https://security.netapp.com/advisory/ntap-20180423-0002
- https://github.com/FasterXML/jackson-databind