2025-01-17 Update From: SLTechnology News&Howtos
Shulou (Shulou.com) 06/01 Report
This article explains in detail how to analyze the FasterXML/jackson-databind remote code execution vulnerability. The editor is sharing it for reference, and hopes that after reading it you will have a working understanding of the relevant points.
0x00 vulnerability background
On February 21, 2020, 360CERT detected that a new deserialization gadget chain in jackson-databind had been assigned the vulnerability number CVE-2020-8840.
Jackson-databind is a JSON processing library under the FasterXML project team.
The vulnerability lies in how jackson-databind processes JSON text. An attacker can use a specially crafted request to trigger remote code execution; a successful attack gains control of the server at the level of the web service.
0x01 risk rating
360CERT's assessment of this vulnerability:
Threat level: medium
Scope of impact: general
360CERT recommends that users update their jackson-databind version promptly, and carry out asset self-inspection, self-testing and preventive measures to avoid being attacked.
0x02 affected versions
Jackson-databind 2.0.0 ~ 2.9.10.2
0x03 repair recommendation
Upgrade jackson-databind to one of the following:
2.9.10.3
2.8.11.5
2.10.x
At the same time, 360CERT strongly recommends checking whether xbean-reflect is used in the project. The root cause of this vulnerability is a gadget chain in xbean-reflect that lets a user trigger a JNDI remote class-loading operation. Removing xbean-reflect mitigates the impact of the vulnerability.
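The asset self-check recommended above can be scripted. The following is an added example (not code from 360CERT or from the original article) that reads the output of `mvn dependency:list`, reports any jackson-databind version inside the affected range 2.0.0 ~ 2.9.10.2 (treating 2.8.11.5 and later on the 2.8 branch as fixed, per the repair recommendation) and flags xbean-reflect if it is on the classpath. The Maven coordinates `com.fasterxml.jackson.core:jackson-databind` and `org.apache.xbean:xbean-reflect` are assumed, and the dependency listing embedded in the script is constructed sample input, not taken from a real project.

```python
import re
from typing import Dict, Iterable, List, Tuple

# Maven coordinates (groupId:artifactId) of the two libraries named in the advisory (assumed).
JACKSON_DATABIND = "com.fasterxml.jackson.core:jackson-databind"
XBEAN_REFLECT = "org.apache.xbean:xbean-reflect"

# Affected range and patched releases as stated in the advisory.
AFFECTED_LOW = (2, 0, 0, 0)     # 2.0.0
AFFECTED_HIGH = (2, 9, 10, 2)   # 2.9.10.2
FIXED_2_8 = (2, 8, 11, 5)       # 2.8.11.5 is the patched release on the 2.8 branch

# Constructed sample of `mvn dependency:list` output; versions are made up for the example.
SAMPLE_DEPENDENCY_LIST = """\
[INFO] The following files have been resolved:
[INFO]    com.fasterxml.jackson.core:jackson-core:jar:2.9.10:compile
[INFO]    com.fasterxml.jackson.core:jackson-databind:jar:2.9.10.1:compile
[INFO]    org.apache.xbean:xbean-reflect:jar:4.14:compile
[INFO]    org.slf4j:slf4j-api:jar:1.7.30:compile
"""


def parse_version(text: str) -> Tuple[int, int, int, int]:
    """Turn '2.9.10.1' into (2, 9, 10, 1); shorter versions are zero-padded,
    and any non-numeric suffix (e.g. '-rc1') is ignored."""
    nums: List[int] = []
    for part in re.split(r"[.-]", text):
        if not part.isdigit():
            break
        nums.append(int(part))
    while len(nums) < 4:
        nums.append(0)
    return (nums[0], nums[1], nums[2], nums[3])


def is_vulnerable_version(v: Tuple[int, int, int, int]) -> bool:
    """Apply the advisory's range: 2.0.0 ~ 2.9.10.2 is affected, except that the
    2.8 branch is fixed from 2.8.11.5 onwards. 2.9.10.3 and 2.10.x fall outside."""
    if not (AFFECTED_LOW <= v <= AFFECTED_HIGH):
        return False
    if v[:2] == (2, 8) and v >= FIXED_2_8:
        return False
    return True


def parse_dependency_list(lines: Iterable[str]) -> Dict[str, str]:
    """Map 'groupId:artifactId' -> version for each resolved artifact line.
    Maven prints groupId:artifactId:type[:classifier]:version:scope, so the
    version is always the second-to-last colon-separated field."""
    coords: Dict[str, str] = {}
    for raw in lines:
        line = raw.strip()
        if line.startswith("[INFO]"):
            line = line[len("[INFO]"):].strip()
        line = line.split(" -- ")[0]          # newer Maven appends module notes
        parts = line.split(":")
        if len(parts) < 5:
            continue                          # banner lines, blanks, etc.
        coords[f"{parts[0]}:{parts[1]}"] = parts[-2]
    return coords


def audit_dependencies(lines: Iterable[str]) -> List[str]:
    """Return one finding per condition the advisory asks the user to check."""
    coords = parse_dependency_list(lines)
    findings: List[str] = []
    jackson = coords.get(JACKSON_DATABIND)
    if jackson and is_vulnerable_version(parse_version(jackson)):
        findings.append(
            f"jackson-databind {jackson} is in the affected range 2.0.0 ~ 2.9.10.2; "
            "upgrade to 2.9.10.3, 2.8.11.5 or 2.10.x"
        )
    if XBEAN_REFLECT in coords:
        findings.append(
            f"xbean-reflect {coords[XBEAN_REFLECT]} is on the classpath; it carries the "
            "JNDI gadget chain, so confirm it is needed or remove it"
        )
    return findings


if __name__ == "__main__":
    for finding in audit_dependencies(SAMPLE_DEPENDENCY_LIST.splitlines()):
        print("FINDING:", finding)
```

Pipe a real listing in with `mvn dependency:list | python3 audit.py` after swapping the sample for `sys.stdin`; the version comparison is the part worth keeping, since a plain string compare would wrongly rank 2.9.10.2 above 2.10.0.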
0x04 vulnerability proof
Code execution is triggered when the crafted JSON content is processed.
At the same time, jackson-databind is a dependency of many projects and is easily overlooked by users. 360CERT recommends that users follow the repair recommendations and check each project in turn.
0x05 product-side solutions
360 city-level network security monitoring service
The QUAKE asset-mapping platform of the 360 Security Brain monitors such vulnerabilities and events by means of asset-mapping technology; users should contact the relevant product-line leads to obtain the corresponding products.
360AISA full-flow threat Analysis system
360AISA performs full-traffic threat detection based on a model trained on big data and combat experience, achieving real-time, accurate attack alerting and reconstruction of the attack chain.
The product is currently able to detect this vulnerability and attacks exploiting it in real time.