Jackson-Databind Unsafe Unserialization Remote Code Execution (CVE-2017-7525, CVE-2017-15095)
Recently a new vulnerability in Jackson, a popular Java library used for parsing JSON, was published and assigned CVE-2017-7525 and later extended with CVE-2017-15095.
The Jackson-databind package...
Published Dec 07, 2017
Version 1.0
Gal_Goldshtein
Employee
EmployeeGal_GoldshteinEmployee
Employee
The latest ASM Attack Signature file available for download at downloads.f5.com now contains Attack Signatures that protect against this vulnerability.
Customers should look to installing this latest ASM Attack Signature file.