CVE-2018-5968

FasterXML jackson-databind through 2.8.11 and 2.9.x through 2.9.3 allows unauthenticated remote code execution because of an incomplete fix for the CVE-2017-7525 and CVE-2017-17485 deserialization flaws. This is exploitable via two different gadgets that bypass a blacklist.

CVSS v3 8.1 HIGH
CVSS v2.0 6.8 MEDIUM

8.1^/10

CVSS v3 : HIGH

V3 Legend

Vector :

Exploitability : 2.2 / Impact : 5.9

Attack Vector NETWORK

Attack Complexity HIGH

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

6.8^/10

CVSS v2.0 : MEDIUM

V2 Legend

Vector : AV:N/AC:M/Au:N/C:P/I:P/A:P

Exploitability : 8.6 / Impact : 6.4

Access Vector NETWORK

Access Complexity MEDIUM

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact PARTIAL

References

Link	Resource
https://access.redhat.com/errata/RHSA-2018:0478	Third Party Advisory
https://access.redhat.com/errata/RHSA-2018:0479	Third Party Advisory
https://access.redhat.com/errata/RHSA-2018:0480	Third Party Advisory
https://access.redhat.com/errata/RHSA-2018:0481	Third Party Advisory
https://access.redhat.com/errata/RHSA-2018:1525	Third Party Advisory
https://access.redhat.com/errata/RHSA-2019:2858	Third Party Advisory
https://access.redhat.com/errata/RHSA-2019:3149	Third Party Advisory
https://github.com/FasterXML/jackson-databind/issues/1899	Third Party Advisory
https://security.netapp.com/advisory/ntap-20180423-0002/	Third Party Advisory
https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03902en_us	Third Party Advisory
https://www.debian.org/security/2018/dsa-4114	Third Party Advisory
https://www.oracle.com/security-alerts/cpuoct2020.html	Third Party Advisory

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:fasterxml:jackson-databind::::::::
	cpe:2.3:a:fasterxml:jackson-databind::::::::
	cpe:2.3:a:fasterxml:jackson-databind::::::::
	cpe:2.3:a:fasterxml:jackson-databind::::::::

Configuration 2 (hide)

OR	cpe:2.3:o:debian:debian_linux:8.0:::::::*
	cpe:2.3:o:debian:debian_linux:9.0:::::::*

Configuration 3 (hide)

AND

OR	cpe:2.3:a:redhat:openshift_container_platform:4.1:::::::*
	cpe:2.3:a:redhat:virtualization:4.0:::::::*
	cpe:2.3:a:redhat:virtualization_host:4.0:::::::*

cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*

Configuration 4 (hide)

AND

cpe:2.3:a:redhat:jboss_enterprise_application_platform:7.1:*:*:*:*:*:*:*

OR	cpe:2.3:o:redhat:enterprise_linux_server:6.0:::::::*
	cpe:2.3:o:redhat:enterprise_linux_server:7.0:::::::*

Configuration 5 (hide)

cpe:2.3:a:redhat:openshift_container_platform:3.11:*:*:*:*:*:*:*

Configuration 6 (hide)

OR	cpe:2.3:a:netapp:e-series_santricity_os_controller::::::::
	cpe:2.3:a:netapp:e-series_santricity_web_services_proxy:-:::::::*
	cpe:2.3:a:netapp:oncommand_shift:-:::::::*

History

21 Jan 2021, 16:22

Type	Values Removed	Values Added
CPE		cpe:2.3:a:netapp:e-series_santricity_os_controller:::::::: cpe:2.3:a:redhat:jboss_enterprise_application_platform:7.1:::::::* cpe:2.3:a:netapp:oncommand_shift:-:::::::* cpe:2.3:o:redhat:enterprise_linux_server:7.0:::::::* cpe:2.3:a:netapp:e-series_santricity_web_services_proxy:-:::::::* cpe:2.3:o:redhat:enterprise_linux_server:6.0:::::::* cpe:2.3:a:redhat:openshift_container_platform:4.1:::::::* cpe:2.3:a:redhat:openshift_container_platform:3.11:::::::*
References	~~(REDHAT) https://access.redhat.com/errata/RHSA-2019:3149 -~~	(REDHAT) https://access.redhat.com/errata/RHSA-2019:3149 - Third Party Advisory
References	~~(REDHAT) https://access.redhat.com/errata/RHSA-2019:2858 -~~	(REDHAT) https://access.redhat.com/errata/RHSA-2019:2858 - Third Party Advisory
References	~~(MISC) https://www.oracle.com/security-alerts/cpuoct2020.html -~~	(MISC) https://www.oracle.com/security-alerts/cpuoct2020.html - Third Party Advisory
CVSS	v2 : ~~5.1~~ v3 : ~~8.1~~	v2 : 6.8 v3 : 8.1

Information

Published : 2018-01-22 04:29

Updated : 2023-12-10 12:30

NVD link : CVE-2018-5968

Mitre link : CVE-2018-5968

CVE.ORG link : CVE-2018-5968

JSON object : View

Products Affected

redhat

virtualization_host
enterprise_linux_server
jboss_enterprise_application_platform
openshift_container_platform
virtualization

fasterxml

jackson-databind

netapp

e-series_santricity_web_services_proxy
e-series_santricity_os_controller
oncommand_shift

debian

debian_linux

CWE

CWE-184

Incomplete List of Disallowed Inputs

CWE-502

Deserialization of Untrusted Data

8.1 /10