An issue was discovered in FasterXML jackson-databind before 2.7.9.4, 2.8.11.2 and 2.9.6. When default typing is enabled (either globally or for a specific property), the service has the Oracle JDBC jar in the classpath, and an attacker is able to provide an LDAP service to access, it is possible to make the service execute a malicious payload.
References:
https://seclists.org/bugtraq/2019/May/68
https://security.netapp.com/advisory/ntap-20190530-0003/
https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html
https://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html
https://www.debian.org/security/2019/dsa-4452
http://www.securityfocus.com/bid/105659
https://github.com/FasterXML/jackson-databind/commit/28badf7ef60ac3e7ef151cd8e8ec010b8479226a
https://github.com/FasterXML/jackson-databind/issues/2058
https://lists.fedoraproject.org/archives/list/[email protected]/message/ZEDLDUYBSTDY4GWDBUXGJNS2RFYTFVRC/
https://www.blackhat.com/docs/us-16/materials/us-16-Munoz-A-Journey-From-JNDI-LDAP-Manipulation-To-RCE.pdf
https://www.oracle.com/security-alerts/cpuapr2020.html
https://www.oracle.com/security-alerts/cpujul2020.html
https://www.oracle.com/security-alerts/cpuoct2020.html
https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html
https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html
https://lists.apache.org/thread.html/[email protected]%3Cdev.drill.apache.org%3E
https://lists.apache.org/thread.html/[email protected]%3Cissues.drill.apache.org%3E
https://lists.apache.org/thread.html/[email protected]%3Cissues.lucene.apache.org%3E
https://access.redhat.com/errata/RHBA-2019:0959
https://access.redhat.com/errata/RHSA-2019:0782
https://access.redhat.com/errata/RHSA-2019:0877
https://access.redhat.com/errata/RHSA-2019:1106
https://access.redhat.com/errata/RHSA-2019:1107
https://access.redhat.com/errata/RHSA-2019:1108
https://access.redhat.com/errata/RHSA-2019:1140
https://access.redhat.com/errata/RHSA-2019:1782
https://access.redhat.com/errata/RHSA-2019:1797
https://access.redhat.com/errata/RHSA-2019:1822
https://access.redhat.com/errata/RHSA-2019:1823
https://access.redhat.com/errata/RHSA-2019:2804
https://access.redhat.com/errata/RHSA-2019:2858
https://access.redhat.com/errata/RHSA-2019:3002
https://access.redhat.com/errata/RHSA-2019:3140
https://access.redhat.com/errata/RHSA-2019:3149
https://access.redhat.com/errata/RHSA-2019:3892
https://access.redhat.com/errata/RHSA-2019:4037
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-12023
Vulnerability: CVE-2018-12023
