A series of deserialization vulnerabilities have been discovered in Codehaus 1.9.x implemented in EAP 7. This CVE fixes CVE-2017-17485, CVE-2017-7525, CVE-2017-15095, CVE-2018-5968, CVE-2018-7489, CVE-2018-1000873, CVE-2019-12086 reported for FasterXML jackson-databind by implementing a whitelist approach that will mitigate these vulnerabilities and future ones alike.
View Full Alert
Related Posts
CVE-2019-0231Handling of the close_notify SSL/TLS message does not lead to a connection closure, leading the server to retain the socket opened and to have the client potentially receive clear text…
CVE-2018-17792MDaemon Webmail (formerly WorldClient) has CSRF. View Full Alert
CVE-2018-14919LOYTEC LGATE-902 6.3.2 devices allow XSS. View Full Alert