Home > Vulnerability Database > WS-2018-0124

Mend.io Vulnerability Database

WS-2018-0124

Good to know:

Date: January 24, 2018

In Jackson Core before version 2.8.6 if the REST endpoint consumes POST requests with JSON or XML data and data are invalid, the first unrecognized token is printed to server.log. If the first token is word of length 10MB, the whole word is printed. This is potentially dangerous and can be used to attack the server by filling the disk with logs.

Language: Java

Severity Score

8.6

Related Resources (3)

Url: https://github.com/FasterXML/jackson-core/pull/322/commits/d4d596ea6716bfbaa3c5400745845d6001e96a23

Url: https://issues.jboss.org/browse/JBEAP-6316

Url: https://www.mend.io/vulnerability-database/WS-2018-0124

Severity Score

8.6

Weakness Type (CWE)

XML Injection (aka Blind XPath Injection)

CWE-91

CVSS v3.1

Base Score:	8.6
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	NONE
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	LOW
Integrity (I):	LOW
Availability (A):	HIGH

Mend.io Vulnerability Database

We found results for “”

WS-2018-0124

Good to know:

Date: January 24, 2018

Language: Java

Severity Score

Related Resources (3)

Severity Score

Weakness Type (CWE)

CVSS v3.1

Do you need more information?