
Test ID: 1.3.6.1.4.1.25623.1.0.892179
Category: Debian Local Security Checks
Title: Debian LTS: Security Advisory for jackson-databind (DLA-2179-1)
Summary: The remote host is missing an update for the 'jackson-databind' package(s) announced via the DLA-2179-1 advisory.
Description:
Summary:
The remote host is missing an update for the 'jackson-databind'
package(s) announced via the DLA-2179-1 advisory.

Vulnerability Insight:
The following CVEs were reported against the jackson-databind source package:

CVE-2020-10968

FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the
interaction between serialization gadgets and typing, related
to org.aoju.bus.proxy.provider.remoting.RmiProvider
(aka bus-proxy).

CVE-2020-10969

FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the
interaction between serialization gadgets and typing, related
to javax.swing.JEditorPane.

CVE-2020-11111

FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the
interaction between serialization gadgets and typing, related
to org.apache.activemq.* (aka activemq-jms, activemq-core,
activemq-pool, and activemq-pool-jms).

CVE-2020-11112

FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the
interaction between serialization gadgets and typing, related
to org.apache.commons.proxy.provider.remoting.RmiProvider
(aka apache/commons-proxy).

CVE-2020-11113

FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the
interaction between serialization gadgets and typing, related
to org.apache.openjpa.ee.WASRegistryManagedRuntime
(aka openjpa).

CVE-2020-11619

FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the
interaction between serialization gadgets and typing, related
to org.springframework.aop.config.MethodLocatingFactoryBean
(aka spring-aop).

CVE-2020-11620

FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the
interaction between serialization gadgets and typing, related
to org.apache.commons.jelly.impl.Embedded (aka commons-jelly).

Affected Software/OS:
'jackson-databind' package(s) on Debian Linux.

Solution:
For Debian 8 'Jessie', these problems have been fixed in version
2.4.2-2+deb8u14.

We recommend that you upgrade your jackson-databind packages.

CVSS Score:
6.8

CVSS Vector:
AV:N/AC:M/Au:N/C:P/I:P/A:P

Cross Reference:
Common Vulnerability Exposure (CVE) ID: CVE-2020-10968
Common Vulnerability Exposure (CVE) ID: CVE-2020-10969
Common Vulnerability Exposure (CVE) ID: CVE-2020-11111
Common Vulnerability Exposure (CVE) ID: CVE-2020-11112
Common Vulnerability Exposure (CVE) ID: CVE-2020-11113
Common Vulnerability Exposure (CVE) ID: CVE-2020-11619
Common Vulnerability Exposure (CVE) ID: CVE-2020-11620
Copyright: Copyright (C) 2020 Greenbone Networks GmbH

© 1998-2020 E-Soft Inc. All rights reserved.