Jackson-Databind Unsafe Unserialization Remote Code Execution (CVE-2017-7525, CVE-2017-15095)
Recently a new vulnerability in Jackson, a popular Java library used for parsing JSON, was published and assigned CVE-2017-7525 and later extended with CVE-2017-15095.
The Jackson-databind package...
Published Dec 07, 2017
Version 1.0Gal_Goldshtein
Employee
Joined June 20, 2019
Gal_Goldshtein
Employee
Joined June 20, 2019
Romani_2788
Dec 11, 2017Historic F5 Account
The latest ASM Attack Signature file available for download at downloads.f5.com now contains Attack Signatures that protect against this vulnerability.
Customers should look to installing this latest ASM Attack Signature file.