Test ID:	1.3.6.1.4.1.25623.1.0.891798
Category:	Debian Local Security Checks
Title:	Debian: Security Advisory (DLA-1798-1)
Summary:	The remote host is missing an update for the Debian 'jackson-databind' package(s) announced via the DLA-1798-1 advisory.
Description:	Summary: The remote host is missing an update for the Debian 'jackson-databind' package(s) announced via the DLA-1798-1 advisory. Vulnerability Insight: A Polymorphic Typing issue was discovered in jackson-databind, a JSON library for Java. When Default Typing is enabled (either globally or for a specific property) for an externally exposed JSON endpoint, the service has the mysql-connector-java jar (8.0.14 or earlier) in the classpath, and an attacker can host a crafted MySQL server reachable by the victim, an attacker can send a crafted JSON message that allows them to read arbitrary local files on the server. This occurs because of missing com.mysql.cj.jdbc.admin.MiniAdmin validation. For Debian 8 Jessie, this problem has been fixed in version 2.4.2-2+deb8u6. We recommend that you upgrade your jackson-databind packages. Further information about Debian LTS security advisories, how to apply these updates to your system and frequently asked questions can be found at: [link moved to references] Affected Software/OS: 'jackson-databind' package(s) on Debian 8. Solution: Please install the updated package(s). CVSS Score: 5.0 CVSS Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2019-12086 BugTraq ID: 109227 http://www.securityfocus.com/bid/109227 Bugtraq: 20190527 [SECURITY] [DSA 4452-1] jackson-databind security update (Google Search) https://seclists.org/bugtraq/2019/May/68 https://github.com/FasterXML/jackson/wiki/Jackson-Release-2.9.9 https://security.netapp.com/advisory/ntap-20190530-0003/ Debian Security Information: DSA-4452 (Google Search) https://www.debian.org/security/2019/dsa-4452 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UKUALE2TUCKEKOHE2D342PQXN4MWCSLC/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OVRZDN2T6AZ6DJCZJ3VSIQIVHBVMVWBL/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TXRVXNRFHJSQWFHPRJQRI5UPMZ63B544/ http://russiansecurity.expert/2016/04/20/mysql-connect-file-read/ https://github.com/FasterXML/jackson-databind/issues/2326 https://medium.com/@cowtowncoder/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062 https://www.oracle.com/security-alerts/cpuApr2021.html https://www.oracle.com/security-alerts/cpuapr2020.html https://www.oracle.com/security-alerts/cpuapr2022.html https://www.oracle.com/security-alerts/cpujan2020.html https://www.oracle.com/security-alerts/cpujul2020.html https://www.oracle.com/security-alerts/cpuoct2020.html https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html https://lists.apache.org/thread.html/3f99ae8dcdbd69438cb733d745ee3ad5e852068490719a66509b4592@%3Ccommits.cassandra.apache.org%3E https://lists.debian.org/debian-lts-announce/2019/05/msg00030.html https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442@%3Cdev.drill.apache.org%3E https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f@%3Cdev.drill.apache.org%3E https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc@%3Cissues.drill.apache.org%3E https://lists.apache.org/thread.html/r204ba2a9ea750f38d789d2bb429cc0925ad6133deea7cbc3001d96b5@%3Csolr-user.lucene.apache.org%3E https://lists.apache.org/thread.html/bcce5a9c532b386c68dab2f6b3ce8b0cc9b950ec551766e76391caa3@%3Ccommits.nifi.apache.org%3E https://lists.apache.org/thread.html/rca37935d661f4689cb4119f1b3b224413b22be161b678e6e6ce0c69b@%3Ccommits.nifi.apache.org%3E https://lists.apache.org/thread.html/rda99599896c3667f2cc9e9d34c7b6ef5d2bbed1f4801e1d75a2b0679@%3Ccommits.nifi.apache.org%3E https://lists.apache.org/thread.html/88cd25375805950ae7337e669b0cb0eeda98b9604c1b8d806dccbad2@%3Creviews.spark.apache.org%3E RedHat Security Advisories: RHSA-2019:2858 https://access.redhat.com/errata/RHSA-2019:2858 RedHat Security Advisories: RHSA-2019:2935 https://access.redhat.com/errata/RHSA-2019:2935 RedHat Security Advisories: RHSA-2019:2936 https://access.redhat.com/errata/RHSA-2019:2936 RedHat Security Advisories: RHSA-2019:2937 https://access.redhat.com/errata/RHSA-2019:2937 RedHat Security Advisories: RHSA-2019:2938 https://access.redhat.com/errata/RHSA-2019:2938 RedHat Security Advisories: RHSA-2019:2998 https://access.redhat.com/errata/RHSA-2019:2998 RedHat Security Advisories: RHSA-2019:3044 https://access.redhat.com/errata/RHSA-2019:3044 RedHat Security Advisories: RHSA-2019:3045 https://access.redhat.com/errata/RHSA-2019:3045 RedHat Security Advisories: RHSA-2019:3046 https://access.redhat.com/errata/RHSA-2019:3046 RedHat Security Advisories: RHSA-2019:3050 https://access.redhat.com/errata/RHSA-2019:3050 RedHat Security Advisories: RHSA-2019:3149 https://access.redhat.com/errata/RHSA-2019:3149 RedHat Security Advisories: RHSA-2019:3200 https://access.redhat.com/errata/RHSA-2019:3200
Copyright	Copyright (C) 2019 Greenbone AG

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.