CVE-2017-7536
First published: Tue Jun 27 2017(Updated: )
A vulnerability which allows for a potential privilege escalation was found in the Hibernate Validator. If a security manager is present and HV itself is allowed to access private members reflectively as per the SM's configuration, that'll allow calling code without that permission to get hold of private state. The attack vector is to declare a constraint on a private member using XML, validate an invalid instance of that type and access the private member value via ConstraintViolation#getInvalidValue().
Credit: secalert@redhat.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| redhat/hibernate-validator | <4.3.4. | 4.3.4. |
| redhat/hibernate-validator | <5.3.5. | 5.3.5. |
| Red Hat Hibernate Validator | >=5.2.0<5.2.5 | |
| Red Hat Hibernate Validator | >=5.3.0<5.3.6 | |
| Red Hat Hibernate Validator | >=5.4.0<5.4.2 | |
| Red Hat Satellite | =6.4 | |
| Red Hat Satellite | =6.4 | |
| JBoss Enterprise Application Platform | =6.0.0 | |
| JBoss Enterprise Application Platform | =6.4.0 | |
| Red Hat Enterprise Linux | =5.0 | |
| Red Hat Enterprise Linux | =6.0 | |
| Red Hat Enterprise Linux | =7.0 | |
| JBoss Enterprise Application Platform | =7.0 | |
| JBoss Enterprise Application Platform | =7.1 | |
| Red Hat Enterprise Virtualization | =4.0 | |
| Red Hat Virtualization Host EUS | =4.0 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://www.securityfocus.com/bid/101048
- http://www.securitytracker.com/id/1039744
- https://access.redhat.com/errata/RHSA-2017:2808
- https://access.redhat.com/errata/RHSA-2017:2809
- https://access.redhat.com/errata/RHSA-2017:2810
- https://access.redhat.com/errata/RHSA-2017:2811
- https://access.redhat.com/errata/RHSA-2017:3141
- https://access.redhat.com/errata/RHSA-2017:3454
- https://access.redhat.com/errata/RHSA-2017:3455
- https://access.redhat.com/errata/RHSA-2017:3456
- https://access.redhat.com/errata/RHSA-2017:3458
- https://access.redhat.com/errata/RHSA-2018:2740
- https://access.redhat.com/errata/RHSA-2018:2741
- https://access.redhat.com/errata/RHSA-2018:2742
- https://access.redhat.com/errata/RHSA-2018:2743
- https://access.redhat.com/errata/RHSA-2018:2927
- https://access.redhat.com/errata/RHSA-2018:3817
- https://bugzilla.redhat.com/show_bug.cgi?id=1465573
- https://lists.apache.org/thread.html/9317fd092b257a0815434b116a8af8daea6e920b6673f4fd5583d5fe@%3Ccommits.druid.apache.org%3E
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=1465573#c21
- https://github.com/hibernate/hibernate-validator/tree/5.2
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=1465573#c24
- https://access.redhat.com/support/policy/updates/jboss_notes
- https://lists.apache.org/thread.html/9317fd092b257a0815434b116a8af8daea6e920b6673f4fd5583d5fe%40%3Ccommits.druid.apache.org%3E
Frequently Asked Questions
What is the severity of CVE-2017-7536?
CVE-2017-7536 is classified as a potential privilege escalation vulnerability.
How do I fix CVE-2017-7536?
To mitigate CVE-2017-7536, update Hibernate Validator to version 5.3.6 or later.
Which versions of Hibernate Validator are affected by CVE-2017-7536?
Hibernate Validator versions prior to 5.3.6 and 4.3.4 are affected by CVE-2017-7536.
Is CVE-2017-7536 relevant to Red Hat products?
Yes, CVE-2017-7536 affects multiple Red Hat products that utilize vulnerable versions of Hibernate Validator.
Can CVE-2017-7536 be exploited without a security manager?
No, CVE-2017-7536 requires a security manager configured to allow reflective access to private members.
- agent/weakness
- agent/type
- agent/first-publish-date
- agent/author
- agent/severity
- agent/description
- collector/redhat-bugzilla
- source/Red Hat
- alias/CVE-2017-7536
- agent/software-canonical-lookup
- collector/mitre-cve
- source/MITRE
- agent/references
- agent/last-modified-date
- agent/event
- agent/source
- collector/nvd-index
- agent/software-canonical-lookup-request
- agent/tags
- agent/softwarecombine
- package-manager/redhat
- vendor/redhat
- canonical/red hat hibernate validator
- version/red hat hibernate validator/5.2.0
- version/red hat hibernate validator/5.3.0
- version/red hat hibernate validator/5.4.0
- canonical/red hat satellite
- version/red hat satellite/6.4
- canonical/jboss enterprise application platform
- version/jboss enterprise application platform/6.0.0
- version/jboss enterprise application platform/6.4.0
- canonical/red hat enterprise linux
- version/red hat enterprise linux/5.0
- version/red hat enterprise linux/6.0
- version/red hat enterprise linux/7.0
- version/jboss enterprise application platform/7.0
- version/jboss enterprise application platform/7.1
- canonical/red hat enterprise virtualization
- version/red hat enterprise virtualization/4.0
- canonical/red hat virtualization host eus
- version/red hat virtualization host eus/4.0