Intrusion Prevention

Jackson.jackson-databind.readValue.Insecure.Deserialization

Description

This indicates an attack attempt against an OS Command Execution vulnerability in the jackson-databind library.
The vulnerability is due to an error in the vulnerable application when deserializing a maliciously crafted request. A remote attacker may be able to exploit this to execute arbitrary code within the context of the application via crafted requests.

Affected Products

jackson-databind 2.8.8 and prior.

Impact

System Compromise: Remote attacker can gain control of vulnerable systems.

Recommended Actions

Upgrade com.fasterxml.jackson to version 2.9.2.
https://github.com/FasterXML/jackson-databind
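The following is an added example (not part of this signature page, and not code from the Jackson project) showing the ObjectMapper configuration pattern that the readValue signature above is concerned with, next to two hardened forms that only deserialize into an explicit allowlist of application types. The Notification types, the "email"/"sms" names and the package prefix "com.example.app." are hypothetical; the PolymorphicTypeValidator API used in validatedMapper() requires jackson-databind 2.10 or later, which is newer than the 2.9.2 named above, while the annotation-based allowlist works on any 2.x release.

```java
// Added example, not from the advisory: global default typing (the configuration
// CVE-2017-7525 targets) beside two allowlist-based alternatives.
import com.fasterxml.jackson.annotation.JsonSubTypes;
import com.fasterxml.jackson.annotation.JsonTypeInfo;
import com.fasterxml.jackson.databind.ObjectMapper;
import com.fasterxml.jackson.databind.exc.InvalidTypeIdException;
import com.fasterxml.jackson.databind.jsontype.BasicPolymorphicTypeValidator;
import com.fasterxml.jackson.databind.jsontype.PolymorphicTypeValidator;

public class PolymorphicDeserializationDemo {

    // Hypothetical application types. Only the two names listed here may be
    // instantiated from JSON; any other "type" value is rejected.
    @JsonTypeInfo(use = JsonTypeInfo.Id.NAME, property = "type")
    @JsonSubTypes({
        @JsonSubTypes.Type(value = EmailNotification.class, name = "email"),
        @JsonSubTypes.Type(value = SmsNotification.class, name = "sms")
    })
    public interface Notification { }

    public static class EmailNotification implements Notification { public String address; }
    public static class SmsNotification implements Notification { public String number; }

    // WEAK pattern (deprecated since 2.10): global default typing lets the JSON
    // document name any class on the classpath as the concrete type to build.
    @SuppressWarnings("deprecation")
    static ObjectMapper weakMapper() {
        ObjectMapper m = new ObjectMapper();
        m.enableDefaultTyping(ObjectMapper.DefaultTyping.NON_FINAL);
        return m;
    }

    // Hardened option 1: no default typing at all; polymorphism is only possible
    // through the explicit @JsonSubTypes allowlist declared on the interface.
    static ObjectMapper annotatedMapper() {
        return new ObjectMapper();
    }

    // Hardened option 2 (jackson-databind 2.10+): if default typing is really
    // needed, restrict it with a validator that accepts only the application's
    // own package (hypothetical prefix).
    static ObjectMapper validatedMapper() {
        PolymorphicTypeValidator ptv = BasicPolymorphicTypeValidator.builder()
            .allowIfSubType("com.example.app.")
            .build();
        ObjectMapper m = new ObjectMapper();
        m.activateDefaultTyping(ptv, ObjectMapper.DefaultTyping.NON_FINAL);
        return m;
    }

    public static void main(String[] args) throws Exception {
        // Constructed inputs: one legitimate message and one whose "type" is not
        // on the allowlist (a harmless JDK class name stands in for anything unlisted).
        String ok = "{\"type\":\"email\",\"address\":\"ops@example.test\"}";
        String unlisted = "{\"type\":\"java.util.HashMap\"}";

        ObjectMapper m = annotatedMapper();
        Notification n = m.readValue(ok, Notification.class);
        System.out.println("accepted: " + n.getClass().getSimpleName()); // EmailNotification

        try {
            m.readValue(unlisted, Notification.class);
        } catch (InvalidTypeIdException e) {
            // Detection hook: log and count these. Unknown type ids arriving at a
            // public endpoint are the traffic the signature above is looking for.
            System.out.println("rejected unknown type id: " + e.getTypeId());
        }
    }
}
```

Until the upgrade to 2.9.2 is rolled out, auditing the code base for enableDefaultTyping() calls and replacing them with one of the two allowlist forms removes the condition the signature detects; the InvalidTypeIdException branch is also a convenient place to emit an application-level log line that can be correlated with the IPS alert.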

CVE References

CVE-2017-7525