
WS-2018-0124


Date: January 24, 2018

In Jackson Core before version 2.8.6, if a REST endpoint consumes POST requests carrying JSON or XML data and that data is invalid, the first unrecognized token is printed to server.log. If that first token is a single word 10MB long, the whole word is printed. This is potentially dangerous: it can be used to attack the server by filling the disk with logs.
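To make the failure mode concrete, here is an added example (not from this advisory or the Jackson project) that feeds an oversized bare-word body to Jackson and bounds what reaches the log; the class name, the 200-character cap and the 1 MiB sample body are assumptions.

```java
import com.fasterxml.jackson.core.JsonFactory;
import com.fasterxml.jackson.core.JsonParseException;
import com.fasterxml.jackson.core.JsonParser;

// Added example: why an unbounded parse-error message is a log-exhaustion
// risk, and a bounded way to log it. Class and constants are assumed names.
public class BoundedParseErrorLogging {

    // Cap on attacker-controlled text allowed into one log line (assumed value).
    static final int MAX_LOGGED_TOKEN = 200;

    // Simulates a REST endpoint handing an untrusted request body to Jackson.
    static void handleBody(String body) {
        try (JsonParser p = new JsonFactory().createParser(body)) {
            while (p.nextToken() != null) { /* consume the document */ }
        } catch (JsonParseException e) {
            // In Jackson Core before 2.8.6 this message carries the entire
            // unrecognized token, so its length is chosen by the client.
            log(truncate(e.getOriginalMessage()));
        } catch (java.io.IOException e) {
            log(truncate(e.getMessage()));
        }
    }

    // Bound the message before it reaches the log file.
    static String truncate(String s) {
        if (s == null) return "null";
        if (s.length() <= MAX_LOGGED_TOKEN) return s;
        return s.substring(0, MAX_LOGGED_TOKEN)
                + "...[truncated " + (s.length() - MAX_LOGGED_TOKEN) + " chars]";
    }

    static void log(String line) {
        System.err.println("WARN invalid request body: " + line);
    }

    public static void main(String[] args) {
        // Constructed invalid body: one bare word of 1 MiB, which is not valid JSON.
        StringBuilder sb = new StringBuilder(1 << 20);
        for (int i = 0; i < (1 << 20); i++) sb.append('x');
        handleBody(sb.toString());
    }
}
```

Run it against a pre-2.8.6 jackson-core on the classpath to see the raw message length, and against 2.8.6 or later to confirm the library itself now bounds the token.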

Language: Java

Severity Score

Weakness Type (CWE)

XML Injection (aka Blind XPath Injection)

CWE-91

Top Fix


Upgrade Version

Upgrade to a fixed version (for Jackson Core, 2.8.6 or later, as stated in the description above).

CVSS v3.1

Base Score:
Attack Vector (AV): NETWORK
Attack Complexity (AC): LOW
Privileges Required (PR): NONE
User Interaction (UI): NONE
Scope (S): UNCHANGED
Confidentiality (C): NONE
Integrity (I): NONE
Availability (A): LOW