
CVE-2017-17485: n/a in n/a

Critical
Type: Vulnerability
Published: Wed Jan 10 2018 (01/10/2018, 18:00:00 UTC)
Source: CVE
Vendor/Project: n/a
Product: n/a

Description

FasterXML jackson-databind through 2.8.10 and 2.9.x through 2.9.3 allows unauthenticated remote code execution because of an incomplete fix for the CVE-2017-7525 deserialization flaw. This is exploitable by sending maliciously crafted JSON input to the readValue method of the ObjectMapper, bypassing a blacklist that is ineffective if the Spring libraries are available in the classpath.

AI-Powered Analysis

Last updated: 06/25/2025, 17:22:56 UTC

Technical Analysis

CVE-2017-17485 is a critical deserialization vulnerability affecting the FasterXML jackson-databind library in versions through 2.8.10 and 2.9.x through 2.9.3. Jackson-databind is a widely used Java library for processing JSON data, specifically for converting JSON into Java objects via the ObjectMapper's readValue method. The vulnerability arises from an incomplete fix for a previous deserialization flaw (CVE-2017-7525). The core issue is that the blacklist intended to block dangerous classes during deserialization can be bypassed if Spring framework libraries are present in the application's classpath. This bypass lets an attacker send specially crafted JSON input that triggers remote code execution (RCE) without authentication or user interaction. The underlying weakness is unsafe deserialization of untrusted data: when the JSON input is allowed to name the class to instantiate, an attacker can instantiate classes the application never intended and execute malicious code on the target system. Since jackson-databind is embedded in numerous Java applications and frameworks, the flaw potentially affects a broad range of software products that rely on it for JSON processing. The absence of a CVSS score in this record and of known exploits in the wild does not diminish the severity, because the vulnerability enables unauthenticated RCE, which is among the most critical classes of security issue. The vulnerability was published in January 2018, and although patches exist in later versions, many legacy systems may remain vulnerable due to slow update cycles or embedded dependencies.

Potential Impact

For European organizations, the impact of CVE-2017-17485 can be severe. Since jackson-databind is widely used in enterprise Java applications, including web services, APIs, and microservices, exploitation could lead to full system compromise. Attackers could execute arbitrary code remotely, leading to data breaches, service disruption, lateral movement within networks, and potential deployment of ransomware or other malware. Critical sectors such as finance, healthcare, government, and telecommunications, which often rely on Java-based backend systems, are at heightened risk. Because exploitation requires no authentication, attackers can target exposed endpoints without credentials, increasing the attack surface. Additionally, the presence of Spring libraries, common in many European-developed applications, exacerbates the risk by enabling the blacklist bypass. The potential for widespread impact is amplified by the integration of jackson-databind in numerous third-party products and custom applications across Europe. Organizations failing to patch or mitigate this vulnerability could face regulatory penalties under GDPR if personal data is compromised, alongside reputational damage and operational downtime.

Mitigation Recommendations

1. Upgrade jackson-databind to versions beyond 2.9.3, where this vulnerability is fixed; this is the most effective mitigation.
2. Conduct a comprehensive inventory of all applications and services using jackson-databind, including transitive dependencies, to identify vulnerable instances.
3. If immediate upgrading is not feasible, implement strict input validation and filtering on JSON inputs to block suspicious payloads, especially those containing polymorphic type information.
4. Disable default typing or polymorphic deserialization features in jackson-databind where possible, as these are commonly exploited vectors.
5. Employ runtime application self-protection (RASP) or web application firewalls (WAF) with custom rules to detect and block exploitation attempts targeting deserialization endpoints.
6. Monitor logs for unusual deserialization activity or errors indicative of exploitation attempts.
7. Isolate and segment critical systems to limit lateral movement if compromise occurs.
8. Follow secure software development lifecycle practices to avoid unsafe deserialization patterns in future code.
9. Collaborate with software vendors to ensure patched versions are deployed promptly.
10. For Spring-based applications, review classpath dependencies and remove unnecessary libraries that could facilitate blacklist bypass.
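As an added illustration of items 3 and 4 above (example code written for this page, not code from the jackson-databind project or from FasterXML), the following Java class contrasts a mapper with global default typing enabled against two hardened configurations: one with default typing left off, and one that keeps polymorphic handling but restricts it with an allowlist validator. It assumes jackson-databind 2.10 or later, where activateDefaultTyping and BasicPolymorphicTypeValidator exist (consistent with upgrading past the affected releases); the Shape and Circle types, the SafeJacksonConfig class and the com.example.model package are hypothetical, and both JSON inputs are constructed samples.

```java
package com.example.model;

import com.fasterxml.jackson.databind.ObjectMapper;
import com.fasterxml.jackson.databind.exc.InvalidTypeIdException;
import com.fasterxml.jackson.databind.jsontype.BasicPolymorphicTypeValidator;
import com.fasterxml.jackson.databind.jsontype.PolymorphicTypeValidator;

/** Added example (hypothetical class, not project code): contrasting mapper configurations. */
public class SafeJacksonConfig {

    // Hypothetical application model that legitimately needs polymorphic handling.
    public interface Shape { }

    public static final class Circle implements Shape {
        public double radius;
    }

    // WEAK: global default typing lets the JSON input name any class on the classpath.
    // Deprecated API, kept here only for contrast; this is the pattern the CVE family abuses.
    @SuppressWarnings("deprecation")
    public static ObjectMapper weakMapper() {
        ObjectMapper mapper = new ObjectMapper();
        mapper.enableDefaultTyping();
        return mapper;
    }

    // HARDENED (mitigation 4): default typing is off, which is also the ObjectMapper default.
    // Type ids embedded in the input are never consulted to choose a class.
    public static ObjectMapper plainMapper() {
        return new ObjectMapper();
    }

    // HARDENED where polymorphism is genuinely required: an allowlist validator
    // (jackson-databind 2.10+) limits resolvable type ids to the application's own model.
    public static ObjectMapper allowlistMapper() {
        PolymorphicTypeValidator ptv = BasicPolymorphicTypeValidator.builder()
                .allowIfBaseType(Shape.class)          // declared base must be our own type
                .allowIfSubType("com.example.model.")  // resolved class must live in our package
                .build();
        ObjectMapper mapper = new ObjectMapper();
        mapper.activateDefaultTyping(ptv, ObjectMapper.DefaultTyping.NON_FINAL);
        return mapper;
    }

    public static void main(String[] args) throws Exception {
        // Constructed sample: input that names a class outside the model package.
        // java.util.HashMap is harmless; the point is that the *input* chose the class.
        String untrusted = "[\"java.util.HashMap\", {}]";

        // Weak mapper: whatever class the input names is instantiated.
        Object weak = weakMapper().readValue(untrusted, Object.class);
        System.out.println("weak mapper resolved: " + weak.getClass().getName());   // java.util.HashMap

        // Plain mapper: the same input is just a JSON array of two values, no class lookup at all.
        Object plain = plainMapper().readValue(untrusted, Object.class);
        System.out.println("plain mapper produced: " + plain.getClass().getName()); // java.util.ArrayList

        // Allowlist mapper: the type id is rejected before any object is instantiated.
        try {
            allowlistMapper().readValue(untrusted, Object.class);
            System.out.println("unexpected: allowlist mapper accepted the type id");
        } catch (InvalidTypeIdException e) {
            System.out.println("allowlist mapper rejected type id: " + e.getTypeId());
        }

        // Constructed sample: a legitimate polymorphic payload for our own model type.
        String legit = "[\"com.example.model.SafeJacksonConfig$Circle\", {\"radius\": 2.0}]";
        Shape shape = allowlistMapper().readValue(legit, Shape.class);
        System.out.println("allowlist mapper accepted: " + shape.getClass().getSimpleName()); // Circle
    }
}
```

The same validator should also be registered with ObjectMapper.setPolymorphicTypeValidator (available from 2.10) for types that declare polymorphism through @JsonTypeInfo annotations rather than default typing, so that annotation-driven type ids are held to the same allowlist. Note that a deny-list, which is what the incomplete fix behind this CVE relied on, is what the allowlist approach replaces: the mapper only resolves classes the application has explicitly permitted.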


Technical Details

Data Version: 5.1
Assigner Short Name: mitre
Date Reserved: 2017-12-10T00:00:00.000Z
CISA Enriched: true
CVSS Version: null
State: PUBLISHED

Threat ID: 682d983ac4522896dcbed03c

Added to database: 5/21/2025, 9:09:14 AM

Last enriched: 6/25/2025, 5:22:56 PM

Last updated: 8/11/2025, 7:30:55 AM

Views: 13
