Rapid7 Vulnerability & Exploit Database

Oracle WebLogic: CVE-2017-7525 : Critical Patch Update

Back to Search

Oracle WebLogic: CVE-2017-7525 : Critical Patch Update

Severity

CVSS

(AV:N/AC:L/Au:N/C:P/I:P/A:P)

Published

02/06/2018

Created

07/25/2018

Added

04/18/2018

Modified

10/21/2019

Description

A deserialization flaw was discovered in the jackson-databind, versions before 2.6.7.1, 2.7.9.1 and 2.8.9, which could allow an unauthenticated user to perform code execution by sending the maliciously crafted input to the readValue method of the ObjectMapper.

Solution(s)

oracle-weblogic-apr-2018-cpu-10_3_6_0_0
oracle-weblogic-apr-2018-cpu-12_1_3_0_0
oracle-weblogic-apr-2018-cpu-12_2_1_2_0
oracle-weblogic-apr-2018-cpu-12_2_1_3_0

References

https://attackerkb.com/topics/cve-2017-7525
99623
CVE - 2017-7525
DSA-4004
RHSA-2017:1834
RHSA-2017:1835
RHSA-2017:1836
RHSA-2017:1837
RHSA-2017:1839
RHSA-2017:1840
RHSA-2017:2477
RHSA-2017:2546
RHSA-2017:2547
RHSA-2017:2633
RHSA-2017:2635
RHSA-2017:2636
RHSA-2017:2637
RHSA-2017:2638
RHSA-2017:3141
RHSA-2017:3454
RHSA-2017:3455
RHSA-2017:3456
RHSA-2017:3458
RHSA-2018:0294
RHSA-2018:0342
RHSA-2018:1449
RHSA-2018:1450
RHSA-2019:0910
RHSA-2019:2858
RHSA-2019:3149
http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html
https://support.oracle.com/rs?type=doc&id=2353306.1

Advanced vulnerability management analytics and reporting.

Key Features

Free InsightVM Trial View All Features

With Rapid7 live dashboards, I have a clear view of all the assets on my network, which ones can be exploited, and what I need to do in order to reduce the risk in my environment in real-time. No other tool gives us that kind of value and insight.

– Scott Cheney, Manager of Information Security, Sierra View Medical Center

;

Rapid7 Vulnerability & Exploit Database

Oracle WebLogic: CVE-2017-7525 : Critical Patch Update