WEB APPLICATION VULNERABILITIES Standard & Premium

Jboss EAP Incomplete List of Disallowed Inputs Vulnerability (CVE-2018-5968)

Description

FasterXML jackson-databind through 2.8.11 and 2.9.x through 2.9.3 allows unauthenticated remote code execution because of an incomplete fix for the CVE-2017-7525 and CVE-2017-17485 deserialization flaws. This is exploitable via two different gadgets that bypass a blacklist.

Remediation

References

Related Vulnerabilities

Drupal Core 4.6.x Session Fixation (4.6.0 - 4.6.5)

WordPress Plugin GA Google Analytics Cross-Site Scripting (20210211)

Oracle JRE CVE-2013-2450 Vulnerability (CVE-2013-2450)

WordPress Ultimate Member Plugin Other Vulnerability (CVE-2022-3383)

WordPress Plugin WP Fast Cache Multiple Vulnerabilities (1.4)

Severity

High

Classification

CVE-2018-5968 CWE-184 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

Tags

Missing Update Known Vulnerabilities