Jackson-Databind Unsafe Unserialization Remote Code Execution (CVE-2017-7525, CVE-2017-15095)

Recently a new vulnerability in Jackson, a popular Java library used for parsing JSON, was published and assigned CVE-2017-7525 and later extended with CVE-2017-15095. The Jackson-databind package...
Published Dec 07, 2017
Version 1.0
ASM Advanced WAF
cve-2017-7525
security
Romani_2788's avatar
Romani_2788
Historic F5 Account
Mar 18, 2018

There is a long list of signatures that protects against this vulnerability, including -- 200004318, 200004301 and 200004313. These typically can be found in the signature sets including:

 

  • WebSphere signatures
  • Server Side Code Injection Signatures
  • Medium Accuracy Signatures

Hope this helps.