Summary
Vulnerability in the Jackson JSON library
Who should read this All Struts 2 developers and users which are using the REST plugin
Impact of vulnerability Not clear, please read the linked issue for more details. https://github.com/FasterXML/jackson-databind/issues/1599
Maximum security rating Medium
Recommendation Upgrade to Struts 2.5.14.1
Affected Software Struts 2.5 - Struts 2.5.14
Reporter David Dillard < david dot dillard at veritas dot com> - Veritas Technologies Product Security Group
CVE Identifier CVE-2017-7525
Problem
A vulnerability was detected in the latest Jackson JSON library, which was reported here. Upgrade com.fasterxml.jackson to version 2.9.2 to address CVE-2017-7525.
Solution
Upgrade to Apache Struts version 2.5.14.1. Another solution is to manually upgrade Jackson dependencies in your project to not vulnerable versions, see this comment.
Backward compatibility
No backward incompatibility issues are expected.
Workaround
Upgrade Jackson JSON library to the latest version.
Source
https://cwiki.apache.org/confluence/display/WW/s2-055
# 0day.today [2018-04-02] #Data
Build on a solid foundation with Vulners data
We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data
Api
Power your application with Vulners API
The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access
App
Assess and manage vulnerabilities with Vulners tools
Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation