SERVER-WEBAPP -- Snort has detected traffic exploiting vulnerabilities in web-based applications on servers.
SERVER-WEBAPP FasterXML Jackson Databind unsafe deserialization attempt
This event is generated when an attacker attempts to exploit an unsafe deserialization vulnerability in FasterXML's Jackson Databind library.
Attempted User Privilege Gain
This rule checks for attempts to exploit an unsafe deserialization vulnerability in FasterXML's Jackson Databind library.
Ease of Attack:
What To Look For
No public information
No known false positives
Cisco Talos Intelligence Group
MITRE ATT&CK Framework
For reference, see the MITRE ATT&CK vulnerability types here:
CVE Additional Information
CVE-2018-7489
FasterXML jackson-databind before 220.127.116.11, 2.8.x before 18.104.22.168 and 2.9.x before 2.9.5 allows unauthenticated remote code execution because of an incomplete fix for the CVE-2017-7525 deserialization flaw. This is exploitable by sending maliciously crafted JSON input to the readValue method of the ObjectMapper, bypassing a blacklist that is ineffective if the c3p0 libraries are available in the classpath.
Ease of Access: LOW
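For triaging an alert from this rule, the following added example (not the Snort rule's own logic and not Talos or FasterXML code) walks a captured JSON request body and reports every Jackson-style polymorphic type identifier that falls outside an application allowlist. It assumes type ids appear either as an `@class` property or as the first element of a two-element wrapper array; `ALLOWED_PREFIXES` and all class names in the samples are constructed placeholders.

```python
import json
import re

# Assumption: the only packages this application legitimately names in type ids.
ALLOWED_PREFIXES = ("com.example.model.",)

# Heuristic: lowercase dotted package followed by a capitalised class name.
FQCN = re.compile(r"(?:[a-z_][a-z0-9_]*\.)+[A-Z_$][\w$]*")


def _is_foreign_class(value):
    """True for a string that looks like a Java class outside the allowlist."""
    return (isinstance(value, str)
            and FQCN.fullmatch(value) is not None
            and not value.startswith(ALLOWED_PREFIXES))


def find_type_ids(node, path="$"):
    """Recursively collect (json_path, class_name) for foreign type ids."""
    findings = []
    if isinstance(node, dict):
        for key, value in node.items():
            if key == "@class" and _is_foreign_class(value):
                findings.append((f"{path}.{key}", value))
            findings.extend(find_type_ids(value, f"{path}.{key}"))
    elif isinstance(node, list):
        # Wrapper-array form: ["fully.qualified.Class", <value>]
        if len(node) == 2 and _is_foreign_class(node[0]):
            findings.append((f"{path}[0]", node[0]))
        for i, item in enumerate(node):
            findings.extend(find_type_ids(item, f"{path}[{i}]"))
    return findings


def inspect_body(body):
    """Parse one request body; non-JSON bodies yield no findings."""
    try:
        return find_type_ids(json.loads(body))
    except ValueError:
        return []
    except RecursionError:
        return [("$", "<nesting too deep to inspect>")]


# Constructed sample bodies; the class names are placeholders, not real types.
SAMPLES = {
    "benign": '{"name": "widget", "tags": ["a", "b"]}',
    "allowed": '{"item": {"@class": "com.example.model.Widget", "id": 7}}',
    "wrapper_array": '{"item": ["com.mchange.v2.c3p0.PlaceholderType", {"x": 1}]}',
    "property": '{"a": [{"@class": "org.placeholder.lib.SomeType", "x": 1}]}',
}
```

A finding means the client supplied a class name the application does not expect, which is worth correlating with whether the receiving endpoint enables polymorphic typing and with the jackson-databind version deployed there.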