First published: Mon Feb 26 2018
FasterXML jackson-databind before 2.7.9.3, 2.8.x before 2.8.11.1 and 2.9.x before 2.9.5 allows unauthenticated remote code execution because of an incomplete fix for the CVE-2017-7525 deserialization flaw. This is exploitable by sending maliciously crafted JSON input to the readValue method of the ObjectMapper, bypassing a blacklist that is ineffective if the c3p0 libraries are available in the classpath.
Credit: cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
redhat/codehaus-jackson | <0:1.9.9-12.redhat_6.1.ep6.el5 | 0:1.9.9-12.redhat_6.1.ep6.el5 |
redhat/hornetq | <0:2.3.25-26.SP24_redhat_1.1.ep6.el5 | 0:2.3.25-26.SP24_redhat_1.1.ep6.el5 |
redhat/jboss-as-appclient | <0:7.5.20-1.Final_redhat_1.1.ep6.el5 | 0:7.5.20-1.Final_redhat_1.1.ep6.el5 |
redhat/jbossas-appclient | <0:7.5.20-1.Final_redhat_1.1.ep6.el5 | 0:7.5.20-1.Final_redhat_1.1.ep6.el5 |
redhat/jbossas-bundles | <0:7.5.20-1.Final_redhat_1.1.ep6.el5 | 0:7.5.20-1.Final_redhat_1.1.ep6.el5 |
redhat/jboss-as-cli | <0:7.5.20-1.Final_redhat_1.1.ep6.el5 | 0:7.5.20-1.Final_redhat_1.1.ep6.el5 |
redhat/jboss-as-client-all | <0:7.5.20-1.Final_redhat_1.1.ep6.el5 | 0:7.5.20-1.Final_redhat_1.1.ep6.el5 |
redhat/jboss-as-clustering | <0:7.5.20-1.Final_redhat_1.1.ep6.el5 | 0:7.5.20-1.Final_redhat_1.1.ep6.el5 |
redhat/jboss-as-cmp | <0:7.5.20-1.Final_redhat_1.1.ep6.el5 | 0:7.5.20-1.Final_redhat_1.1.ep6.el5 |
redhat/jboss-as-configadmin | <0:7.5.20-1.Final_redhat_1.1.ep6.el5 | 0:7.5.20-1.Final_redhat_1.1.ep6.el5 |
redhat/jboss-as-connector | <0:7.5.20-1.Final_redhat_1.1.ep6.el5 | 0:7.5.20-1.Final_redhat_1.1.ep6.el5 |
redhat/jboss-as-controller | <0:7.5.20-1.Final_redhat_1.1.ep6.el5 | 0:7.5.20-1.Final_redhat_1.1.ep6.el5 |
redhat/jboss-as-controller-client | <0:7.5.20-1.Final_redhat_1.1.ep6.el5 | 0:7.5.20-1.Final_redhat_1.1.ep6.el5 |
redhat/jbossas-core | <0:7.5.20-1.Final_redhat_1.1.ep6.el5 | 0:7.5.20-1.Final_redhat_1.1.ep6.el5 |
redhat/jboss-as-core-security | <0:7.5.20-1.Final_redhat_1.1.ep6.el5 | 0:7.5.20-1.Final_redhat_1.1.ep6.el5 |
redhat/jboss-as-deployment-repository | <0:7.5.20-1.Final_redhat_1.1.ep6.el5 | 0:7.5.20-1.Final_redhat_1.1.ep6.el5 |
redhat/jboss-as-deployment-scanner | <0:7.5.20-1.Final_redhat_1.1.ep6.el5 | 0:7.5.20-1.Final_redhat_1.1.ep6.el5 |
redhat/jbossas-domain | <0:7.5.20-1.Final_redhat_1.1.ep6.el5 | 0:7.5.20-1.Final_redhat_1.1.ep6.el5 |
redhat/jboss-as-domain-http | <0:7.5.20-1.Final_redhat_1.1.ep6.el5 | 0:7.5.20-1.Final_redhat_1.1.ep6.el5 |
redhat/jboss-as-domain-management | <0:7.5.20-1.Final_redhat_1.1.ep6.el5 | 0:7.5.20-1.Final_redhat_1.1.ep6.el5 |
redhat/jboss-as-ee | <0:7.5.20-1.Final_redhat_1.1.ep6.el5 | 0:7.5.20-1.Final_redhat_1.1.ep6.el5 |
redhat/jboss-as-ee-deployment | <0:7.5.20-1.Final_redhat_1.1.ep6.el5 | 0:7.5.20-1.Final_redhat_1.1.ep6.el5 |
redhat/jboss-as-ejb3 | <0:7.5.20-1.Final_redhat_1.1.ep6.el5 | 0:7.5.20-1.Final_redhat_1.1.ep6.el5 |
redhat/jboss-as-embedded | <0:7.5.20-1.Final_redhat_1.1.ep6.el5 | 0:7.5.20-1.Final_redhat_1.1.ep6.el5 |
redhat/jboss-as-host-controller | <0:7.5.20-1.Final_redhat_1.1.ep6.el5 | 0:7.5.20-1.Final_redhat_1.1.ep6.el5 |
redhat/jboss-as-jacorb | <0:7.5.20-1.Final_redhat_1.1.ep6.el5 | 0:7.5.20-1.Final_redhat_1.1.ep6.el5 |
redhat/jbossas-javadocs | <0:7.5.20-1.Final_redhat_1.1.ep6.el5 | 0:7.5.20-1.Final_redhat_1.1.ep6.el5 |
redhat/jboss-as-jaxr | <0:7.5.20-1.Final_redhat_1.1.ep6.el5 | 0:7.5.20-1.Final_redhat_1.1.ep6.el5 |
redhat/jboss-as-jaxrs | <0:7.5.20-1.Final_redhat_1.1.ep6.el5 | 0:7.5.20-1.Final_redhat_1.1.ep6.el5 |
redhat/jboss-as-jdr | <0:7.5.20-1.Final_redhat_1.1.ep6.el5 | 0:7.5.20-1.Final_redhat_1.1.ep6.el5 |
redhat/jboss-as-jmx | <0:7.5.20-1.Final_redhat_1.1.ep6.el5 | 0:7.5.20-1.Final_redhat_1.1.ep6.el5 |
redhat/jboss-as-jpa | <0:7.5.20-1.Final_redhat_1.1.ep6.el5 | 0:7.5.20-1.Final_redhat_1.1.ep6.el5 |
redhat/jboss-as-jsf | <0:7.5.20-1.Final_redhat_1.1.ep6.el5 | 0:7.5.20-1.Final_redhat_1.1.ep6.el5 |
redhat/jboss-as-jsr77 | <0:7.5.20-1.Final_redhat_1.1.ep6.el5 | 0:7.5.20-1.Final_redhat_1.1.ep6.el5 |
redhat/jboss-as-logging | <0:7.5.20-1.Final_redhat_1.1.ep6.el5 | 0:7.5.20-1.Final_redhat_1.1.ep6.el5 |
redhat/jboss-as-mail | <0:7.5.20-1.Final_redhat_1.1.ep6.el5 | 0:7.5.20-1.Final_redhat_1.1.ep6.el5 |
redhat/jboss-as-management-client-content | <0:7.5.20-1.Final_redhat_1.1.ep6.el5 | 0:7.5.20-1.Final_redhat_1.1.ep6.el5 |
redhat/jboss-as-messaging | <0:7.5.20-1.Final_redhat_1.1.ep6.el5 | 0:7.5.20-1.Final_redhat_1.1.ep6.el5 |
redhat/jboss-as-modcluster | <0:7.5.20-1.Final_redhat_1.1.ep6.el5 | 0:7.5.20-1.Final_redhat_1.1.ep6.el5 |
redhat/jbossas-modules-eap | <0:7.5.20-1.Final_redhat_1.1.ep6.el5 | 0:7.5.20-1.Final_redhat_1.1.ep6.el5 |
redhat/jboss-as-naming | <0:7.5.20-1.Final_redhat_1.1.ep6.el5 | 0:7.5.20-1.Final_redhat_1.1.ep6.el5 |
redhat/jboss-as-network | <0:7.5.20-1.Final_redhat_1.1.ep6.el5 | 0:7.5.20-1.Final_redhat_1.1.ep6.el5 |
redhat/jboss-as-osgi | <0:7.5.20-1.Final_redhat_1.1.ep6.el5 | 0:7.5.20-1.Final_redhat_1.1.ep6.el5 |
redhat/jboss-as-osgi-configadmin | <0:7.5.20-1.Final_redhat_1.1.ep6.el5 | 0:7.5.20-1.Final_redhat_1.1.ep6.el5 |
redhat/jboss-as-osgi-service | <0:7.5.20-1.Final_redhat_1.1.ep6.el5 | 0:7.5.20-1.Final_redhat_1.1.ep6.el5 |
redhat/jboss-as-picketlink | <0:7.5.20-1.Final_redhat_1.1.ep6.el5 | 0:7.5.20-1.Final_redhat_1.1.ep6.el5 |
redhat/jboss-as-platform-mbean | <0:7.5.20-1.Final_redhat_1.1.ep6.el5 | 0:7.5.20-1.Final_redhat_1.1.ep6.el5 |
redhat/jboss-as-pojo | <0:7.5.20-1.Final_redhat_1.1.ep6.el5 | 0:7.5.20-1.Final_redhat_1.1.ep6.el5 |
redhat/jboss-as-process-controller | <0:7.5.20-1.Final_redhat_1.1.ep6.el5 | 0:7.5.20-1.Final_redhat_1.1.ep6.el5 |
redhat/jbossas-product-eap | <0:7.5.20-1.Final_redhat_1.1.ep6.el5 | 0:7.5.20-1.Final_redhat_1.1.ep6.el5 |
redhat/jboss-as-protocol | <0:7.5.20-1.Final_redhat_1.1.ep6.el5 | 0:7.5.20-1.Final_redhat_1.1.ep6.el5 |
redhat/jboss-as-remoting | <0:7.5.20-1.Final_redhat_1.1.ep6.el5 | 0:7.5.20-1.Final_redhat_1.1.ep6.el5 |
redhat/jboss-as-sar | <0:7.5.20-1.Final_redhat_1.1.ep6.el5 | 0:7.5.20-1.Final_redhat_1.1.ep6.el5 |
redhat/jboss-as-security | <0:7.5.20-1.Final_redhat_1.1.ep6.el5 | 0:7.5.20-1.Final_redhat_1.1.ep6.el5 |
redhat/jboss-as-server | <0:7.5.20-1.Final_redhat_1.1.ep6.el5 | 0:7.5.20-1.Final_redhat_1.1.ep6.el5 |
redhat/jbossas-standalone | <0:7.5.20-1.Final_redhat_1.1.ep6.el5 | 0:7.5.20-1.Final_redhat_1.1.ep6.el5 |
redhat/jboss-as-system-jmx | <0:7.5.20-1.Final_redhat_1.1.ep6.el5 | 0:7.5.20-1.Final_redhat_1.1.ep6.el5 |
redhat/jboss-as-threads | <0:7.5.20-1.Final_redhat_1.1.ep6.el5 | 0:7.5.20-1.Final_redhat_1.1.ep6.el5 |
redhat/jboss-as-transactions | <0:7.5.20-1.Final_redhat_1.1.ep6.el5 | 0:7.5.20-1.Final_redhat_1.1.ep6.el5 |
redhat/jboss-as-version | <0:7.5.20-1.Final_redhat_1.1.ep6.el5 | 0:7.5.20-1.Final_redhat_1.1.ep6.el5 |
redhat/jboss-as-web | <0:7.5.20-1.Final_redhat_1.1.ep6.el5 | 0:7.5.20-1.Final_redhat_1.1.ep6.el5 |
redhat/jboss-as-webservices | <0:7.5.20-1.Final_redhat_1.1.ep6.el5 | 0:7.5.20-1.Final_redhat_1.1.ep6.el5 |
redhat/jbossas-welcome-content-eap | <0:7.5.20-1.Final_redhat_1.1.ep6.el5 | 0:7.5.20-1.Final_redhat_1.1.ep6.el5 |
redhat/jboss-as-weld | <0:7.5.20-1.Final_redhat_1.1.ep6.el5 | 0:7.5.20-1.Final_redhat_1.1.ep6.el5 |
redhat/jboss-as-xts | <0:7.5.20-1.Final_redhat_1.1.ep6.el5 | 0:7.5.20-1.Final_redhat_1.1.ep6.el5 |
redhat/jbossts | <1:4.17.43-1.Final_redhat_1.1.ep6.el5 | 1:4.17.43-1.Final_redhat_1.1.ep6.el5 |
redhat/jbossweb | <0:7.5.28-1.Final_redhat_1.1.ep6.el5 | 0:7.5.28-1.Final_redhat_1.1.ep6.el5 |
redhat/jgroups | <1:3.2.18-1.Final_redhat_1.1.ep6.el5 | 1:3.2.18-1.Final_redhat_1.1.ep6.el5 |
redhat/lucene-solr | <0:3.6.2-8.redhat_9.1.ep6.el5 | 0:3.6.2-8.redhat_9.1.ep6.el5 |
redhat/picketbox | <0:4.1.7-1.Final_redhat_1.1.ep6.el5 | 0:4.1.7-1.Final_redhat_1.1.ep6.el5 |
redhat/codehaus-jackson | <0:1.9.9-12.redhat_6.1.ep6.el6 | 0:1.9.9-12.redhat_6.1.ep6.el6 |
redhat/hornetq | <0:2.3.25-26.SP24_redhat_1.1.ep6.el6 | 0:2.3.25-26.SP24_redhat_1.1.ep6.el6 |
redhat/jboss-as-appclient | <0:7.5.20-1.Final_redhat_1.1.ep6.el6 | 0:7.5.20-1.Final_redhat_1.1.ep6.el6 |
redhat/jbossas-appclient | <0:7.5.20-1.Final_redhat_1.1.ep6.el6 | 0:7.5.20-1.Final_redhat_1.1.ep6.el6 |
redhat/jbossas-bundles | <0:7.5.20-1.Final_redhat_1.1.ep6.el6 | 0:7.5.20-1.Final_redhat_1.1.ep6.el6 |
redhat/jboss-as-cli | <0:7.5.20-1.Final_redhat_1.1.ep6.el6 | 0:7.5.20-1.Final_redhat_1.1.ep6.el6 |
redhat/jboss-as-client-all | <0:7.5.20-1.Final_redhat_1.1.ep6.el6 | 0:7.5.20-1.Final_redhat_1.1.ep6.el6 |
redhat/jboss-as-clustering | <0:7.5.20-1.Final_redhat_1.1.ep6.el6 | 0:7.5.20-1.Final_redhat_1.1.ep6.el6 |
redhat/jboss-as-cmp | <0:7.5.20-1.Final_redhat_1.1.ep6.el6 | 0:7.5.20-1.Final_redhat_1.1.ep6.el6 |
redhat/jboss-as-configadmin | <0:7.5.20-1.Final_redhat_1.1.ep6.el6 | 0:7.5.20-1.Final_redhat_1.1.ep6.el6 |
redhat/jboss-as-connector | <0:7.5.20-1.Final_redhat_1.1.ep6.el6 | 0:7.5.20-1.Final_redhat_1.1.ep6.el6 |
redhat/jboss-as-controller | <0:7.5.20-1.Final_redhat_1.1.ep6.el6 | 0:7.5.20-1.Final_redhat_1.1.ep6.el6 |
redhat/jboss-as-controller-client | <0:7.5.20-1.Final_redhat_1.1.ep6.el6 | 0:7.5.20-1.Final_redhat_1.1.ep6.el6 |
redhat/jbossas-core | <0:7.5.20-1.Final_redhat_1.1.ep6.el6 | 0:7.5.20-1.Final_redhat_1.1.ep6.el6 |
redhat/jboss-as-core-security | <0:7.5.20-1.Final_redhat_1.1.ep6.el6 | 0:7.5.20-1.Final_redhat_1.1.ep6.el6 |
redhat/jboss-as-deployment-repository | <0:7.5.20-1.Final_redhat_1.1.ep6.el6 | 0:7.5.20-1.Final_redhat_1.1.ep6.el6 |
redhat/jboss-as-deployment-scanner | <0:7.5.20-1.Final_redhat_1.1.ep6.el6 | 0:7.5.20-1.Final_redhat_1.1.ep6.el6 |
redhat/jbossas-domain | <0:7.5.20-1.Final_redhat_1.1.ep6.el6 | 0:7.5.20-1.Final_redhat_1.1.ep6.el6 |
redhat/jboss-as-domain-http | <0:7.5.20-1.Final_redhat_1.1.ep6.el6 | 0:7.5.20-1.Final_redhat_1.1.ep6.el6 |
redhat/jboss-as-domain-management | <0:7.5.20-1.Final_redhat_1.1.ep6.el6 | 0:7.5.20-1.Final_redhat_1.1.ep6.el6 |
redhat/jboss-as-ee | <0:7.5.20-1.Final_redhat_1.1.ep6.el6 | 0:7.5.20-1.Final_redhat_1.1.ep6.el6 |
redhat/jboss-as-ee-deployment | <0:7.5.20-1.Final_redhat_1.1.ep6.el6 | 0:7.5.20-1.Final_redhat_1.1.ep6.el6 |
redhat/jboss-as-ejb3 | <0:7.5.20-1.Final_redhat_1.1.ep6.el6 | 0:7.5.20-1.Final_redhat_1.1.ep6.el6 |
redhat/jboss-as-embedded | <0:7.5.20-1.Final_redhat_1.1.ep6.el6 | 0:7.5.20-1.Final_redhat_1.1.ep6.el6 |
redhat/jboss-as-host-controller | <0:7.5.20-1.Final_redhat_1.1.ep6.el6 | 0:7.5.20-1.Final_redhat_1.1.ep6.el6 |
redhat/jboss-as-jacorb | <0:7.5.20-1.Final_redhat_1.1.ep6.el6 | 0:7.5.20-1.Final_redhat_1.1.ep6.el6 |
redhat/jbossas-javadocs | <0:7.5.20-1.Final_redhat_1.1.ep6.el6 | 0:7.5.20-1.Final_redhat_1.1.ep6.el6 |
redhat/jboss-as-jaxr | <0:7.5.20-1.Final_redhat_1.1.ep6.el6 | 0:7.5.20-1.Final_redhat_1.1.ep6.el6 |
redhat/jboss-as-jaxrs | <0:7.5.20-1.Final_redhat_1.1.ep6.el6 | 0:7.5.20-1.Final_redhat_1.1.ep6.el6 |
redhat/jboss-as-jdr | <0:7.5.20-1.Final_redhat_1.1.ep6.el6 | 0:7.5.20-1.Final_redhat_1.1.ep6.el6 |
redhat/jboss-as-jmx | <0:7.5.20-1.Final_redhat_1.1.ep6.el6 | 0:7.5.20-1.Final_redhat_1.1.ep6.el6 |
redhat/jboss-as-jpa | <0:7.5.20-1.Final_redhat_1.1.ep6.el6 | 0:7.5.20-1.Final_redhat_1.1.ep6.el6 |
redhat/jboss-as-jsf | <0:7.5.20-1.Final_redhat_1.1.ep6.el6 | 0:7.5.20-1.Final_redhat_1.1.ep6.el6 |
redhat/jboss-as-jsr77 | <0:7.5.20-1.Final_redhat_1.1.ep6.el6 | 0:7.5.20-1.Final_redhat_1.1.ep6.el6 |
redhat/jboss-as-logging | <0:7.5.20-1.Final_redhat_1.1.ep6.el6 | 0:7.5.20-1.Final_redhat_1.1.ep6.el6 |
redhat/jboss-as-mail | <0:7.5.20-1.Final_redhat_1.1.ep6.el6 | 0:7.5.20-1.Final_redhat_1.1.ep6.el6 |
redhat/jboss-as-management-client-content | <0:7.5.20-1.Final_redhat_1.1.ep6.el6 | 0:7.5.20-1.Final_redhat_1.1.ep6.el6 |
redhat/jboss-as-messaging | <0:7.5.20-1.Final_redhat_1.1.ep6.el6 | 0:7.5.20-1.Final_redhat_1.1.ep6.el6 |
redhat/jboss-as-modcluster | <0:7.5.20-1.Final_redhat_1.1.ep6.el6 | 0:7.5.20-1.Final_redhat_1.1.ep6.el6 |
redhat/jbossas-modules-eap | <0:7.5.20-1.Final_redhat_1.1.ep6.el6 | 0:7.5.20-1.Final_redhat_1.1.ep6.el6 |
redhat/jboss-as-naming | <0:7.5.20-1.Final_redhat_1.1.ep6.el6 | 0:7.5.20-1.Final_redhat_1.1.ep6.el6 |
redhat/jboss-as-network | <0:7.5.20-1.Final_redhat_1.1.ep6.el6 | 0:7.5.20-1.Final_redhat_1.1.ep6.el6 |
redhat/jboss-as-osgi | <0:7.5.20-1.Final_redhat_1.1.ep6.el6 | 0:7.5.20-1.Final_redhat_1.1.ep6.el6 |
redhat/jboss-as-osgi-configadmin | <0:7.5.20-1.Final_redhat_1.1.ep6.el6 | 0:7.5.20-1.Final_redhat_1.1.ep6.el6 |
redhat/jboss-as-osgi-service | <0:7.5.20-1.Final_redhat_1.1.ep6.el6 | 0:7.5.20-1.Final_redhat_1.1.ep6.el6 |
redhat/jboss-as-picketlink | <0:7.5.20-1.Final_redhat_1.1.ep6.el6 | 0:7.5.20-1.Final_redhat_1.1.ep6.el6 |
redhat/jboss-as-platform-mbean | <0:7.5.20-1.Final_redhat_1.1.ep6.el6 | 0:7.5.20-1.Final_redhat_1.1.ep6.el6 |
redhat/jboss-as-pojo | <0:7.5.20-1.Final_redhat_1.1.ep6.el6 | 0:7.5.20-1.Final_redhat_1.1.ep6.el6 |
redhat/jboss-as-process-controller | <0:7.5.20-1.Final_redhat_1.1.ep6.el6 | 0:7.5.20-1.Final_redhat_1.1.ep6.el6 |
redhat/jbossas-product-eap | <0:7.5.20-1.Final_redhat_1.1.ep6.el6 | 0:7.5.20-1.Final_redhat_1.1.ep6.el6 |
redhat/jboss-as-protocol | <0:7.5.20-1.Final_redhat_1.1.ep6.el6 | 0:7.5.20-1.Final_redhat_1.1.ep6.el6 |
redhat/jboss-as-remoting | <0:7.5.20-1.Final_redhat_1.1.ep6.el6 | 0:7.5.20-1.Final_redhat_1.1.ep6.el6 |
redhat/jboss-as-sar | <0:7.5.20-1.Final_redhat_1.1.ep6.el6 | 0:7.5.20-1.Final_redhat_1.1.ep6.el6 |
redhat/jboss-as-security | <0:7.5.20-1.Final_redhat_1.1.ep6.el6 | 0:7.5.20-1.Final_redhat_1.1.ep6.el6 |
redhat/jboss-as-server | <0:7.5.20-1.Final_redhat_1.1.ep6.el6 | 0:7.5.20-1.Final_redhat_1.1.ep6.el6 |
redhat/jbossas-standalone | <0:7.5.20-1.Final_redhat_1.1.ep6.el6 | 0:7.5.20-1.Final_redhat_1.1.ep6.el6 |
redhat/jboss-as-system-jmx | <0:7.5.20-1.Final_redhat_1.1.ep6.el6 | 0:7.5.20-1.Final_redhat_1.1.ep6.el6 |
redhat/jboss-as-threads | <0:7.5.20-1.Final_redhat_1.1.ep6.el6 | 0:7.5.20-1.Final_redhat_1.1.ep6.el6 |
redhat/jboss-as-transactions | <0:7.5.20-1.Final_redhat_1.1.ep6.el6 | 0:7.5.20-1.Final_redhat_1.1.ep6.el6 |
redhat/jboss-as-version | <0:7.5.20-1.Final_redhat_1.1.ep6.el6 | 0:7.5.20-1.Final_redhat_1.1.ep6.el6 |
redhat/jboss-as-web | <0:7.5.20-1.Final_redhat_1.1.ep6.el6 | 0:7.5.20-1.Final_redhat_1.1.ep6.el6 |
redhat/jboss-as-webservices | <0:7.5.20-1.Final_redhat_1.1.ep6.el6 | 0:7.5.20-1.Final_redhat_1.1.ep6.el6 |
redhat/jbossas-welcome-content-eap | <0:7.5.20-1.Final_redhat_1.1.ep6.el6 | 0:7.5.20-1.Final_redhat_1.1.ep6.el6 |
redhat/jboss-as-weld | <0:7.5.20-1.Final_redhat_1.1.ep6.el6 | 0:7.5.20-1.Final_redhat_1.1.ep6.el6 |
redhat/jboss-as-xts | <0:7.5.20-1.Final_redhat_1.1.ep6.el6 | 0:7.5.20-1.Final_redhat_1.1.ep6.el6 |
redhat/jbossts | <1:4.17.43-1.Final_redhat_1.1.ep6.el6 | 1:4.17.43-1.Final_redhat_1.1.ep6.el6 |
redhat/jbossweb | <0:7.5.28-1.Final_redhat_1.1.ep6.el6 | 0:7.5.28-1.Final_redhat_1.1.ep6.el6 |
redhat/jgroups | <1:3.2.18-1.Final_redhat_1.1.ep6.el6 | 1:3.2.18-1.Final_redhat_1.1.ep6.el6 |
redhat/lucene-solr | <0:3.6.2-8.redhat_9.1.ep6.el6 | 0:3.6.2-8.redhat_9.1.ep6.el6 |
redhat/picketbox | <0:4.1.7-1.Final_redhat_1.1.ep6.el6 | 0:4.1.7-1.Final_redhat_1.1.ep6.el6 |
redhat/jboss-ec2-eap | <0:7.5.20-1.Final_redhat_1.ep6.el6 | 0:7.5.20-1.Final_redhat_1.ep6.el6 |
redhat/codehaus-jackson | <0:1.9.9-12.redhat_6.1.ep6.el7 | 0:1.9.9-12.redhat_6.1.ep6.el7 |
redhat/hornetq | <0:2.3.25-26.SP24_redhat_1.1.ep6.el7 | 0:2.3.25-26.SP24_redhat_1.1.ep6.el7 |
redhat/jboss-as-appclient | <0:7.5.20-1.Final_redhat_1.1.ep6.el7 | 0:7.5.20-1.Final_redhat_1.1.ep6.el7 |
redhat/jbossas-appclient | <0:7.5.20-1.Final_redhat_1.1.ep6.el7 | 0:7.5.20-1.Final_redhat_1.1.ep6.el7 |
redhat/jbossas-bundles | <0:7.5.20-1.Final_redhat_1.1.ep6.el7 | 0:7.5.20-1.Final_redhat_1.1.ep6.el7 |
redhat/jboss-as-cli | <0:7.5.20-1.Final_redhat_1.1.ep6.el7 | 0:7.5.20-1.Final_redhat_1.1.ep6.el7 |
redhat/jboss-as-client-all | <0:7.5.20-1.Final_redhat_1.1.ep6.el7 | 0:7.5.20-1.Final_redhat_1.1.ep6.el7 |
redhat/jboss-as-clustering | <0:7.5.20-1.Final_redhat_1.1.ep6.el7 | 0:7.5.20-1.Final_redhat_1.1.ep6.el7 |
redhat/jboss-as-cmp | <0:7.5.20-1.Final_redhat_1.1.ep6.el7 | 0:7.5.20-1.Final_redhat_1.1.ep6.el7 |
redhat/jboss-as-configadmin | <0:7.5.20-1.Final_redhat_1.1.ep6.el7 | 0:7.5.20-1.Final_redhat_1.1.ep6.el7 |
redhat/jboss-as-connector | <0:7.5.20-1.Final_redhat_1.1.ep6.el7 | 0:7.5.20-1.Final_redhat_1.1.ep6.el7 |
redhat/jboss-as-controller | <0:7.5.20-1.Final_redhat_1.1.ep6.el7 | 0:7.5.20-1.Final_redhat_1.1.ep6.el7 |
redhat/jboss-as-controller-client | <0:7.5.20-1.Final_redhat_1.1.ep6.el7 | 0:7.5.20-1.Final_redhat_1.1.ep6.el7 |
redhat/jbossas-core | <0:7.5.20-1.Final_redhat_1.1.ep6.el7 | 0:7.5.20-1.Final_redhat_1.1.ep6.el7 |
redhat/jboss-as-core-security | <0:7.5.20-1.Final_redhat_1.1.ep6.el7 | 0:7.5.20-1.Final_redhat_1.1.ep6.el7 |
redhat/jboss-as-deployment-repository | <0:7.5.20-1.Final_redhat_1.1.ep6.el7 | 0:7.5.20-1.Final_redhat_1.1.ep6.el7 |
redhat/jboss-as-deployment-scanner | <0:7.5.20-1.Final_redhat_1.1.ep6.el7 | 0:7.5.20-1.Final_redhat_1.1.ep6.el7 |
redhat/jbossas-domain | <0:7.5.20-1.Final_redhat_1.1.ep6.el7 | 0:7.5.20-1.Final_redhat_1.1.ep6.el7 |
redhat/jboss-as-domain-http | <0:7.5.20-1.Final_redhat_1.1.ep6.el7 | 0:7.5.20-1.Final_redhat_1.1.ep6.el7 |
redhat/jboss-as-domain-management | <0:7.5.20-1.Final_redhat_1.1.ep6.el7 | 0:7.5.20-1.Final_redhat_1.1.ep6.el7 |
redhat/jboss-as-ee | <0:7.5.20-1.Final_redhat_1.1.ep6.el7 | 0:7.5.20-1.Final_redhat_1.1.ep6.el7 |
redhat/jboss-as-ee-deployment | <0:7.5.20-1.Final_redhat_1.1.ep6.el7 | 0:7.5.20-1.Final_redhat_1.1.ep6.el7 |
redhat/jboss-as-ejb3 | <0:7.5.20-1.Final_redhat_1.1.ep6.el7 | 0:7.5.20-1.Final_redhat_1.1.ep6.el7 |
redhat/jboss-as-embedded | <0:7.5.20-1.Final_redhat_1.1.ep6.el7 | 0:7.5.20-1.Final_redhat_1.1.ep6.el7 |
redhat/jboss-as-host-controller | <0:7.5.20-1.Final_redhat_1.1.ep6.el7 | 0:7.5.20-1.Final_redhat_1.1.ep6.el7 |
redhat/jboss-as-jacorb | <0:7.5.20-1.Final_redhat_1.1.ep6.el7 | 0:7.5.20-1.Final_redhat_1.1.ep6.el7 |
redhat/jbossas-javadocs | <0:7.5.20-1.Final_redhat_1.1.ep6.el7 | 0:7.5.20-1.Final_redhat_1.1.ep6.el7 |
redhat/jboss-as-jaxr | <0:7.5.20-1.Final_redhat_1.1.ep6.el7 | 0:7.5.20-1.Final_redhat_1.1.ep6.el7 |
redhat/jboss-as-jaxrs | <0:7.5.20-1.Final_redhat_1.1.ep6.el7 | 0:7.5.20-1.Final_redhat_1.1.ep6.el7 |
redhat/jboss-as-jdr | <0:7.5.20-1.Final_redhat_1.1.ep6.el7 | 0:7.5.20-1.Final_redhat_1.1.ep6.el7 |
redhat/jboss-as-jmx | <0:7.5.20-1.Final_redhat_1.1.ep6.el7 | 0:7.5.20-1.Final_redhat_1.1.ep6.el7 |
redhat/jboss-as-jpa | <0:7.5.20-1.Final_redhat_1.1.ep6.el7 | 0:7.5.20-1.Final_redhat_1.1.ep6.el7 |
redhat/jboss-as-jsf | <0:7.5.20-1.Final_redhat_1.1.ep6.el7 | 0:7.5.20-1.Final_redhat_1.1.ep6.el7 |
redhat/jboss-as-jsr77 | <0:7.5.20-1.Final_redhat_1.1.ep6.el7 | 0:7.5.20-1.Final_redhat_1.1.ep6.el7 |
redhat/jboss-as-logging | <0:7.5.20-1.Final_redhat_1.1.ep6.el7 | 0:7.5.20-1.Final_redhat_1.1.ep6.el7 |
redhat/jboss-as-mail | <0:7.5.20-1.Final_redhat_1.1.ep6.el7 | 0:7.5.20-1.Final_redhat_1.1.ep6.el7 |
redhat/jboss-as-management-client-content | <0:7.5.20-1.Final_redhat_1.1.ep6.el7 | 0:7.5.20-1.Final_redhat_1.1.ep6.el7 |
redhat/jboss-as-messaging | <0:7.5.20-1.Final_redhat_1.1.ep6.el7 | 0:7.5.20-1.Final_redhat_1.1.ep6.el7 |
redhat/jboss-as-modcluster | <0:7.5.20-1.Final_redhat_1.1.ep6.el7 | 0:7.5.20-1.Final_redhat_1.1.ep6.el7 |
redhat/jbossas-modules-eap | <0:7.5.20-1.Final_redhat_1.1.ep6.el7 | 0:7.5.20-1.Final_redhat_1.1.ep6.el7 |
redhat/jboss-as-naming | <0:7.5.20-1.Final_redhat_1.1.ep6.el7 | 0:7.5.20-1.Final_redhat_1.1.ep6.el7 |
redhat/jboss-as-network | <0:7.5.20-1.Final_redhat_1.1.ep6.el7 | 0:7.5.20-1.Final_redhat_1.1.ep6.el7 |
redhat/jboss-as-osgi | <0:7.5.20-1.Final_redhat_1.1.ep6.el7 | 0:7.5.20-1.Final_redhat_1.1.ep6.el7 |
redhat/jboss-as-osgi-configadmin | <0:7.5.20-1.Final_redhat_1.1.ep6.el7 | 0:7.5.20-1.Final_redhat_1.1.ep6.el7 |
redhat/jboss-as-osgi-service | <0:7.5.20-1.Final_redhat_1.1.ep6.el7 | 0:7.5.20-1.Final_redhat_1.1.ep6.el7 |
redhat/jboss-as-picketlink | <0:7.5.20-1.Final_redhat_1.1.ep6.el7 | 0:7.5.20-1.Final_redhat_1.1.ep6.el7 |
redhat/jboss-as-platform-mbean | <0:7.5.20-1.Final_redhat_1.1.ep6.el7 | 0:7.5.20-1.Final_redhat_1.1.ep6.el7 |
redhat/jboss-as-pojo | <0:7.5.20-1.Final_redhat_1.1.ep6.el7 | 0:7.5.20-1.Final_redhat_1.1.ep6.el7 |
redhat/jboss-as-process-controller | <0:7.5.20-1.Final_redhat_1.1.ep6.el7 | 0:7.5.20-1.Final_redhat_1.1.ep6.el7 |
redhat/jbossas-product-eap | <0:7.5.20-1.Final_redhat_1.1.ep6.el7 | 0:7.5.20-1.Final_redhat_1.1.ep6.el7 |
redhat/jboss-as-protocol | <0:7.5.20-1.Final_redhat_1.1.ep6.el7 | 0:7.5.20-1.Final_redhat_1.1.ep6.el7 |
redhat/jboss-as-remoting | <0:7.5.20-1.Final_redhat_1.1.ep6.el7 | 0:7.5.20-1.Final_redhat_1.1.ep6.el7 |
redhat/jboss-as-sar | <0:7.5.20-1.Final_redhat_1.1.ep6.el7 | 0:7.5.20-1.Final_redhat_1.1.ep6.el7 |
redhat/jboss-as-security | <0:7.5.20-1.Final_redhat_1.1.ep6.el7 | 0:7.5.20-1.Final_redhat_1.1.ep6.el7 |
redhat/jboss-as-server | <0:7.5.20-1.Final_redhat_1.1.ep6.el7 | 0:7.5.20-1.Final_redhat_1.1.ep6.el7 |
redhat/jbossas-standalone | <0:7.5.20-1.Final_redhat_1.1.ep6.el7 | 0:7.5.20-1.Final_redhat_1.1.ep6.el7 |
redhat/jboss-as-system-jmx | <0:7.5.20-1.Final_redhat_1.1.ep6.el7 | 0:7.5.20-1.Final_redhat_1.1.ep6.el7 |
redhat/jboss-as-threads | <0:7.5.20-1.Final_redhat_1.1.ep6.el7 | 0:7.5.20-1.Final_redhat_1.1.ep6.el7 |
redhat/jboss-as-transactions | <0:7.5.20-1.Final_redhat_1.1.ep6.el7 | 0:7.5.20-1.Final_redhat_1.1.ep6.el7 |
redhat/jboss-as-version | <0:7.5.20-1.Final_redhat_1.1.ep6.el7 | 0:7.5.20-1.Final_redhat_1.1.ep6.el7 |
redhat/jboss-as-web | <0:7.5.20-1.Final_redhat_1.1.ep6.el7 | 0:7.5.20-1.Final_redhat_1.1.ep6.el7 |
redhat/jboss-as-webservices | <0:7.5.20-1.Final_redhat_1.1.ep6.el7 | 0:7.5.20-1.Final_redhat_1.1.ep6.el7 |
redhat/jbossas-welcome-content-eap | <0:7.5.20-1.Final_redhat_1.1.ep6.el7 | 0:7.5.20-1.Final_redhat_1.1.ep6.el7 |
redhat/jboss-as-weld | <0:7.5.20-1.Final_redhat_1.1.ep6.el7 | 0:7.5.20-1.Final_redhat_1.1.ep6.el7 |
redhat/jboss-as-xts | <0:7.5.20-1.Final_redhat_1.1.ep6.el7 | 0:7.5.20-1.Final_redhat_1.1.ep6.el7 |
redhat/jbossts | <1:4.17.43-1.Final_redhat_1.1.ep6.el7 | 1:4.17.43-1.Final_redhat_1.1.ep6.el7 |
redhat/jbossweb | <0:7.5.28-1.Final_redhat_1.1.ep6.el7 | 0:7.5.28-1.Final_redhat_1.1.ep6.el7 |
redhat/jgroups | <1:3.2.18-1.Final_redhat_1.1.ep6.el7 | 1:3.2.18-1.Final_redhat_1.1.ep6.el7 |
redhat/lucene-solr | <0:3.6.2-8.redhat_9.1.ep6.el7 | 0:3.6.2-8.redhat_9.1.ep6.el7 |
redhat/picketbox | <0:4.1.7-1.Final_redhat_1.1.ep6.el7 | 0:4.1.7-1.Final_redhat_1.1.ep6.el7 |
redhat/eap7-activemq-artemis | <0:1.5.5.012-1.redhat_1.1.ep7.el6 | 0:1.5.5.012-1.redhat_1.1.ep7.el6 |
redhat/eap7-commons-logging-jboss-logmanager | <0:1.0.3-1.Final_redhat_1.1.ep7.el6 | 0:1.0.3-1.Final_redhat_1.1.ep7.el6 |
redhat/eap7-hibernate | <0:5.1.14-1.Final_redhat_1.1.ep7.el6 | 0:5.1.14-1.Final_redhat_1.1.ep7.el6 |
redhat/eap7-infinispan | <0:8.2.11-1.Final_redhat_1.1.ep7.el6 | 0:8.2.11-1.Final_redhat_1.1.ep7.el6 |
redhat/eap7-ironjacamar | <0:1.4.9-1.Final_redhat_1.1.ep7.el6 | 0:1.4.9-1.Final_redhat_1.1.ep7.el6 |
redhat/eap7-jackson-databind | <0:2.8.11.1-1.redhat_1.1.ep7.el6 | 0:2.8.11.1-1.redhat_1.1.ep7.el6 |
redhat/eap7-jackson-jaxrs-providers | <0:2.8.11-2.redhat_1.1.ep7.el6 | 0:2.8.11-2.redhat_1.1.ep7.el6 |
redhat/eap7-jackson-module-jaxb-annotations | <0:2.8.11-2.redhat_1.1.ep7.el6 | 0:2.8.11-2.redhat_1.1.ep7.el6 |
redhat/eap7-jboss-logmanager | <0:2.0.10-1.Final_redhat_1.1.ep7.el6 | 0:2.0.10-1.Final_redhat_1.1.ep7.el6 |
redhat/eap7-jboss-marshalling | <0:2.0.5-1.Final_redhat_1.1.ep7.el6 | 0:2.0.5-1.Final_redhat_1.1.ep7.el6 |
redhat/eap7-jboss-modules | <0:1.6.4-1.Final_redhat_1.1.ep7.el6 | 0:1.6.4-1.Final_redhat_1.1.ep7.el6 |
redhat/eap7-jboss-remoting | <0:5.0.7-1.Final_redhat_1.1.ep7.el6 | 0:5.0.7-1.Final_redhat_1.1.ep7.el6 |
redhat/eap7-jboss-server-migration | <0:1.0.6-3.Final_redhat_3.1.ep7.el6 | 0:1.0.6-3.Final_redhat_3.1.ep7.el6 |
redhat/eap7-picketlink-bindings | <0:2.5.5-12.SP11_redhat_1.1.ep7.el6 | 0:2.5.5-12.SP11_redhat_1.1.ep7.el6 |
redhat/eap7-picketlink-federation | <0:2.5.5-12.SP11_redhat_1.1.ep7.el6 | 0:2.5.5-12.SP11_redhat_1.1.ep7.el6 |
redhat/eap7-undertow | <0:1.4.18-6.SP7_redhat_1.1.ep7.el6 | 0:1.4.18-6.SP7_redhat_1.1.ep7.el6 |
redhat/eap7-wildfly | <0:7.1.3-2.GA_redhat_2.1.ep7.el6 | 0:7.1.3-2.GA_redhat_2.1.ep7.el6 |
redhat/eap7-wildfly-elytron | <0:1.1.10-1.Final_redhat_1.1.ep7.el6 | 0:1.1.10-1.Final_redhat_1.1.ep7.el6 |
redhat/eap7-wildfly-elytron-tool | <0:1.0.7-1.Final_redhat_1.1.ep7.el6 | 0:1.0.7-1.Final_redhat_1.1.ep7.el6 |
redhat/eap7-wildfly-javadocs | <0:7.1.3-1.GA_redhat_2.1.ep7.el6 | 0:7.1.3-1.GA_redhat_2.1.ep7.el6 |
redhat/eap7-wildfly-naming-client | <0:1.0.8-1.Final_redhat_1.1.ep7.el6 | 0:1.0.8-1.Final_redhat_1.1.ep7.el6 |
redhat/eap7-wildfly-openssl | <0:1.0.6-1.Final_redhat_1.1.ep7.el6 | 0:1.0.6-1.Final_redhat_1.1.ep7.el6 |
redhat/eap7-wildfly-web-console-eap | <0:2.9.17-1.Final_redhat_1.1.ep7.el6 | 0:2.9.17-1.Final_redhat_1.1.ep7.el6 |
redhat/eap7-activemq-artemis | <0:1.5.5.012-1.redhat_1.1.ep7.el7 | 0:1.5.5.012-1.redhat_1.1.ep7.el7 |
redhat/eap7-commons-logging-jboss-logmanager | <0:1.0.3-1.Final_redhat_1.1.ep7.el7 | 0:1.0.3-1.Final_redhat_1.1.ep7.el7 |
redhat/eap7-hibernate | <0:5.1.14-1.Final_redhat_1.1.ep7.el7 | 0:5.1.14-1.Final_redhat_1.1.ep7.el7 |
redhat/eap7-infinispan | <0:8.2.11-1.Final_redhat_1.1.ep7.el7 | 0:8.2.11-1.Final_redhat_1.1.ep7.el7 |
redhat/eap7-ironjacamar | <0:1.4.9-1.Final_redhat_1.1.ep7.el7 | 0:1.4.9-1.Final_redhat_1.1.ep7.el7 |
redhat/eap7-jackson-databind | <0:2.8.11.1-1.redhat_1.1.ep7.el7 | 0:2.8.11.1-1.redhat_1.1.ep7.el7 |
redhat/eap7-jackson-jaxrs-providers | <0:2.8.11-2.redhat_1.1.ep7.el7 | 0:2.8.11-2.redhat_1.1.ep7.el7 |
redhat/eap7-jackson-module-jaxb-annotations | <0:2.8.11-2.redhat_1.1.ep7.el7 | 0:2.8.11-2.redhat_1.1.ep7.el7 |
redhat/eap7-jboss-logmanager | <0:2.0.10-1.Final_redhat_1.1.ep7.el7 | 0:2.0.10-1.Final_redhat_1.1.ep7.el7 |
redhat/eap7-jboss-marshalling | <0:2.0.5-1.Final_redhat_1.1.ep7.el7 | 0:2.0.5-1.Final_redhat_1.1.ep7.el7 |
redhat/eap7-jboss-modules | <0:1.6.4-1.Final_redhat_1.1.ep7.el7 | 0:1.6.4-1.Final_redhat_1.1.ep7.el7 |
redhat/eap7-jboss-remoting | <0:5.0.7-1.Final_redhat_1.1.ep7.el7 | 0:5.0.7-1.Final_redhat_1.1.ep7.el7 |
redhat/eap7-jboss-server-migration | <0:1.0.6-3.Final_redhat_3.1.ep7.el7 | 0:1.0.6-3.Final_redhat_3.1.ep7.el7 |
redhat/eap7-picketlink-bindings | <0:2.5.5-12.SP11_redhat_1.1.ep7.el7 | 0:2.5.5-12.SP11_redhat_1.1.ep7.el7 |
redhat/eap7-picketlink-federation | <0:2.5.5-12.SP11_redhat_1.1.ep7.el7 | 0:2.5.5-12.SP11_redhat_1.1.ep7.el7 |
redhat/eap7-undertow | <0:1.4.18-6.SP7_redhat_1.1.ep7.el7 | 0:1.4.18-6.SP7_redhat_1.1.ep7.el7 |
redhat/eap7-wildfly | <0:7.1.3-2.GA_redhat_2.1.ep7.el7 | 0:7.1.3-2.GA_redhat_2.1.ep7.el7 |
redhat/eap7-wildfly-elytron | <0:1.1.10-1.Final_redhat_1.1.ep7.el7 | 0:1.1.10-1.Final_redhat_1.1.ep7.el7 |
redhat/eap7-wildfly-elytron-tool | <0:1.0.7-1.Final_redhat_1.1.ep7.el7 | 0:1.0.7-1.Final_redhat_1.1.ep7.el7 |
redhat/eap7-wildfly-javadocs | <0:7.1.3-1.GA_redhat_2.1.ep7.el7 | 0:7.1.3-1.GA_redhat_2.1.ep7.el7 |
redhat/eap7-wildfly-naming-client | <0:1.0.8-1.Final_redhat_1.1.ep7.el7 | 0:1.0.8-1.Final_redhat_1.1.ep7.el7 |
redhat/eap7-wildfly-openssl | <0:1.0.6-1.Final_redhat_1.1.ep7.el7 | 0:1.0.6-1.Final_redhat_1.1.ep7.el7 |
redhat/eap7-wildfly-web-console-eap | <0:2.9.17-1.Final_redhat_1.1.ep7.el7 | 0:2.9.17-1.Final_redhat_1.1.ep7.el7 |
debian/jackson-databind | 2.9.8-3+deb10u3 2.9.8-3+deb10u5 2.12.1-1+deb11u1 2.14.0-1 | |
FasterXML jackson-databind | <2.7.9.3 | |
FasterXML jackson-databind | >=2.8.0<2.8.11.1 | |
FasterXML jackson-databind | >=2.9.0<2.9.5 | |
Debian Debian Linux | =8.0 | |
Debian Debian Linux | =9.0 | |
Oracle Communications Billing and Revenue Management | =7.5 | |
Oracle Communications Billing and Revenue Management | =12.0 | |
Oracle Communications Instant Messaging Server | =10.0.1 | |
Redhat Jboss Enterprise Application Platform | =6.4.19 | |
Redhat Jboss Enterprise Application Platform | =7.1.2 | |
redhat/jackson-databind | <2.8.11.1 | 2.8.11.1 |
redhat/jackson-databind | <2.9.5 | 2.9.5 |
maven/com.fasterxml.jackson.core:jackson-databind | <2.6.7.5 | 2.6.7.5 |
maven/com.fasterxml.jackson.core:jackson-databind | >=2.7.0<2.7.9.3 | 2.7.9.3 |
maven/com.fasterxml.jackson.core:jackson-databind | >=2.8.0<=2.8.11.0 | 2.8.11.1 |
maven/com.fasterxml.jackson.core:jackson-databind | >=2.9.0<2.9.5 | 2.9.5 |
IBM CLM | <=6.0.6.1 | |
IBM CLM | <=6.0.6 | |
IBM CLM | <=6.0.2 | |

Advice on how to remain safe while using JAX-RS webservices on JBoss EAP 7.x is available here: https://access.redhat.com/solutions/3279231

https://github.com/FasterXML/jackson-docs/wiki/JacksonPolymorphicDeserialization

General Mitigation: Try to avoid

* Deserialization from sources you do not control
* `enableDefaultTyping()`
* `@JsonTypeInfo` using `id.CLASS` or `id.MINIMAL_CLASS`
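
One way to follow the mitigation list above, as an added example (not code from this advisory or from the Jackson project): polymorphic deserialization that uses logical type names with an explicit subtype allow-list instead of `enableDefaultTyping()` or class-name type ids. The `Event` classes, the `type` property and the sample JSON are assumptions made up for illustration.

```java
import com.fasterxml.jackson.annotation.JsonSubTypes;
import com.fasterxml.jackson.annotation.JsonTypeInfo;
import com.fasterxml.jackson.databind.JsonMappingException;
import com.fasterxml.jackson.databind.ObjectMapper;

public class SafePolymorphism {

    // Risky patterns named in the mitigation list (shown only as comments):
    // the JSON document chooses the Java class by name, so safety rests
    // entirely on the library's blacklist of known dangerous classes.
    //
    //   ObjectMapper risky = new ObjectMapper();
    //   risky.enableDefaultTyping();
    //
    //   @JsonTypeInfo(use = JsonTypeInfo.Id.CLASS)
    //   abstract class Event { }

    // Hardened pattern: the JSON carries a logical name, and only the
    // subtypes registered here can ever be instantiated (an allow-list).
    @JsonTypeInfo(use = JsonTypeInfo.Id.NAME,
                  include = JsonTypeInfo.As.PROPERTY,
                  property = "type")
    @JsonSubTypes({
        @JsonSubTypes.Type(value = LoginEvent.class, name = "login"),
        @JsonSubTypes.Type(value = LogoutEvent.class, name = "logout")
    })
    public abstract static class Event {
        public String user;
    }

    public static class LoginEvent extends Event {
        public String sourceIp;
    }

    public static class LogoutEvent extends Event { }

    // No enableDefaultTyping() call: default typing stays off.
    private static final ObjectMapper MAPPER = new ObjectMapper();

    /**
     * Returns the parsed event, or null when the input cannot be mapped,
     * which includes a type id that is not on the allow-list.
     */
    public static Event parse(String json) throws Exception {
        try {
            return MAPPER.readValue(json, Event.class);
        } catch (JsonMappingException e) {
            // Unregistered type ids (and other mapping errors) are rejected
            // before any class outside the allow-list is instantiated.
            return null;
        }
    }

    public static void main(String[] args) throws Exception {
        // Constructed sample inputs (hypothetical, for illustration only).
        String known =
            "{\"type\":\"login\",\"user\":\"alice\",\"sourceIp\":\"192.0.2.10\"}";
        String unknown =
            "{\"type\":\"com.example.NotRegistered\",\"user\":\"alice\"}";

        Event ok = parse(known);
        System.out.println("known type   -> " + ok.getClass().getSimpleName());
        System.out.println("unknown type -> " + parse(unknown));
    }
}
```

With `Id.NAME`, a fully qualified class name in the `type` field is treated as just another unregistered name, so the outcome does not depend on which libraries are on the classpath.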