CVE-2018-12023

MEDIUM

Description

An issue was discovered in FasterXML jackson-databind prior to 2.7.9.4, 2.8.11.2, and 2.9.6. When Default Typing is enabled (either globally or for a specific property), the service has the Oracle JDBC jar in the classpath, and an attacker can provide an LDAP service to access, it is possible to make the service execute a malicious payload.

References

http://www.securityfocus.com/bid/105659

https://access.redhat.com/errata/RHBA-2019:0959

https://access.redhat.com/errata/RHSA-2019:0782

https://access.redhat.com/errata/RHSA-2019:0877

https://access.redhat.com/errata/RHSA-2019:1106

https://access.redhat.com/errata/RHSA-2019:1107

https://access.redhat.com/errata/RHSA-2019:1108

https://access.redhat.com/errata/RHSA-2019:1140

https://access.redhat.com/errata/RHSA-2019:1782

https://access.redhat.com/errata/RHSA-2019:1797

https://access.redhat.com/errata/RHSA-2019:1822

https://access.redhat.com/errata/RHSA-2019:1823

https://access.redhat.com/errata/RHSA-2019:2804

https://access.redhat.com/errata/RHSA-2019:2858

https://access.redhat.com/errata/RHSA-2019:3002

https://access.redhat.com/errata/RHSA-2019:3140

https://access.redhat.com/errata/RHSA-2019:3149

https://github.com/FasterXML/jackson-databind/commit/28badf7ef60ac3e7ef151cd8e8ec010b8479226a

https://github.com/FasterXML/jackson-databind/issues/2058

https://lists.apache.org/thread.html/[email protected]%3Cdev.drill.apache.org%3E

https://lists.apache.org/thread.html/[email protected]%3Cissues.lucene.apache.org%3E

https://lists.apache.org/thread.html/[email protected]%3Cdev.drill.apache.org%3E

https://lists.fedoraproject.org/archives/list/[email protected]/message/ZEDLDUYBSTDY4GWDBUXGJNS2RFYTFVRC/

https://seclists.org/bugtraq/2019/May/68

https://security.netapp.com/advisory/ntap-20190530-0003/

https://www.blackhat.com/docs/us-16/materials/us-16-Munoz-A-Journey-From-JNDI-LDAP-Manipulation-To-RCE.pdf

https://www.debian.org/security/2019/dsa-4452

https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html

https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html

https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html

https://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html

Details

Source: MITRE

Published: 2019-03-21

Updated: 2019-09-17

Type: CWE-502

Risk Information

CVSS v2.0

Base Score: 5.1

Vector: AV:N/AC:H/Au:N/C:P/I:P/A:P

Impact Score: 6.4

Exploitability Score: 4.9

Severity: MEDIUM

CVSS v3.0

Base Score: 7.5

Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H

Impact Score: 5.9

Exploitability Score: 1.6

Severity: HIGH

Vulnerable Software

Tenable Plugins

View all (7 total)

ID	Name	Product	Family	Severity
125416	Debian DSA-4452-1 : jackson-databind - security update	Nessus	Debian Local Security Checks	high
124841	RHEL 7 : JBoss EAP (RHSA-2019:1108)	Nessus	Red Hat Local Security Checks	high
124840	RHEL 6 : JBoss EAP (RHSA-2019:1107)	Nessus	Red Hat Local Security Checks	high
122603	Debian DLA-1703-1 : jackson-databind security update	Nessus	Debian Local Security Checks	high
122290	Fedora 29 : bouncycastle / eclipse-jgit / eclipse-linuxtools / etc (2019-df57551f6d)	Nessus	Fedora Local Security Checks	high
121257	Oracle Application Testing Suite Multiple Vulnerabilities (Jan 2019 CPU)	Nessus	Misc.	high
118594	Oracle Primavera Unifier Multiple Vulnerabilities (Oct 2018 CPU)	Nessus	CGI abuses	medium