{"id":7643,"date":"2018-01-25T01:30:01","date_gmt":"2018-01-25T01:30:01","guid":{"rendered":"http:\/\/blog.nsfocusglobal.com\/?p=1087"},"modified":"2025-07-09T07:14:58","modified_gmt":"2025-07-09T07:14:58","slug":"jackson-databind-rce-vulnerability-handling-guide-cve-2017-17485","status":"publish","type":"post","link":"https:\/\/nsfocusglobal.com\/pt-br\/jackson-databind-rce-vulnerability-handling-guide-cve-2017-17485\/","title":{"rendered":"Jackson-databind RCE Vulnerability Handling Guide (CVE-2017-17485)"},"content":{"rendered":"<p>At the beginning of 2018, jackson-databind was reported to contain another remote code execution (RCE) vulnerability (CVE-2017-17485) that affects versions 2.9.3 and earlier, 2.7.9.1 and earlier, and 2.8.10 and earlier. This vulnerability is caused by jackson-dababind&#8217;s incomplete blacklist. An application that uses jackson-databind will become vulnerable when the enableDefaultTyping method is called via the ObjectMapper object within the application. An attacker can thus compromise the application by sending maliciously crafted JSON input to gain direct control over a server. Currently, a proof of concept (POC) exploit for this vulnerability has been publicly available. All users who are affected by this vulnerability should upgrade to the latest versions as soon as possible to fix this issue.<\/p>\n<h2>Impact of the CVE-2017-17485 Vulnerability<\/h2>\n<ul>\n<li><strong>Affected Versions<\/strong><\/li>\n<\/ul>\n<p>Jackson-databind version &lt;= 2.9.3<\/p>\n<p>Jackson-databind version &lt;= 2.7.9.1<\/p>\n<p>Jackson-databind version &lt;= 2.8.10<\/p>\n<ul>\n<li><strong>Unaffected Versions<\/strong><\/li>\n<\/ul>\n<p>Jackson-databind version 2.9.3.1<\/p>\n<p>Jackson-databind version 2.7.9.2<\/p>\n<p>Jackson-databind version 2.8.11<\/p>\n<h2>How to Detect the CVE-2017-17485 Vulnerability<\/h2>\n<p>If the enableDefaultTyping method is called via the ObjectMapper object within an application that uses the jackson-databind component, this application will become vulnerable. Developers are advised to check whether the jackson-databind component is used in applications, and if so, to further check its version number and whether the enableDefaultTyping method is called in the code. The following uses the Maven project as an example to show how to check the use of jackson-databind.<\/p>\n<ol>\n<li>Check whether jackson-databind is included in <strong>pom.xml<\/strong> and, if so, whether its version is earlier than 2.9.3.<a href=\"https:\/\/staging.nsfocusglobal.com\/wp-content\/uploads\/2018\/01\/check-jackson-databind-and-version.png\"><img fetchpriority=\"high\" decoding=\"async\" class=\"alignnone size-full wp-image-1091\" src=\"https:\/\/staging.nsfocusglobal.com\/wp-content\/uploads\/2018\/01\/check-jackson-databind-and-version.png\" alt=\"\" width=\"786\" height=\"164\" srcset=\"https:\/\/nsfocusglobal.com\/wp-content\/uploads\/2018\/01\/check-jackson-databind-and-version.png 786w, https:\/\/nsfocusglobal.com\/wp-content\/uploads\/2018\/01\/check-jackson-databind-and-version-300x63.png 300w, https:\/\/nsfocusglobal.com\/wp-content\/uploads\/2018\/01\/check-jackson-databind-and-version-768x160.png 768w\" sizes=\"(max-width: 786px) 100vw, 786px\" \/><\/a><\/li>\n<li>If the answers to the preceding two questions are both &#8220;Yes&#8221;, check whether the enableDefaultTyping method is called in the code. If so, it is recommended that the component be upgraded immediately and the web application be restarted.<a href=\"https:\/\/staging.nsfocusglobal.com\/wp-content\/uploads\/2018\/01\/enableDefaultTyping-called-or-not.png\"><img decoding=\"async\" class=\"alignnone size-full wp-image-1095\" src=\"https:\/\/staging.nsfocusglobal.com\/wp-content\/uploads\/2018\/01\/enableDefaultTyping-called-or-not.png\" alt=\"\" width=\"930\" height=\"246\" \/><\/a><\/li>\n<\/ol>\n<h2>How to Protect Against the CVE-2017-17485 Vulnerability<\/h2>\n<p><strong>(1) Official Fix<\/strong><\/p>\n<p>The vendor has released new versions to fix this vulnerability by expanding the blacklist. Affected users are advised to upgrade to the latest versions as soon as possible.<\/p>\n<p>The new major version (3.x) of jackson-databind will address this issue via a new API layer that provides a way to achieve whitelisting-based serialization for these polymorph classes.<\/p>\n<p><strong>(2) Use of Security Products<\/strong><\/p>\n<ul>\n<li><strong>Custom Rule<\/strong><\/li>\n<\/ul>\n<p>For immediate protection against the jackson-databind RCE vulnerability and reduction of any loss from possible exploitation of this vulnerability, we recommend that customers who have deployed NSFOCUS Web Application Firewall (WAF) configure the following custom rule before an official protection rule is provided:<\/p>\n<table style=\"height: 104px;\" width=\"737\">\n<tbody>\n<tr>\n<td width=\"660\">(uri * rco \u00a0 .*org\\.springframework\\.context\\.support\\.FileSystemXmlApplicationContext.*)<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n<p>Users can do as follows to configure this custom rule:<\/p>\n<p>a. Create a custom rule by clicking <strong>Create<\/strong> under <strong>Security Management &gt; Rule Database Management &gt; Custom Rules &gt; Custom<\/strong>.<\/p>\n<p>b. In the <strong>Create<\/strong> dialog box, type <strong>jackson-17485<\/strong> as the rule name.<a href=\"https:\/\/staging.nsfocusglobal.com\/wp-content\/uploads\/2018\/01\/Name-of-rule.png\"><img decoding=\"async\" class=\"alignnone size-full wp-image-1096\" src=\"https:\/\/staging.nsfocusglobal.com\/wp-content\/uploads\/2018\/01\/Name-of-rule.png\" alt=\"\" width=\"659\" height=\"502\" \/><\/a><\/p>\n<p>c. Set other parameters as follows and then click <strong>Add<\/strong>:<\/p>\n<ul>\n<li>Set <strong>Inspection Object<\/strong> to <strong>Request-Body<\/strong>.<\/li>\n<li>Set <strong>Matching Relationship<\/strong> to <strong>Regular Expression Including<\/strong>.<\/li>\n<li>Set <strong>Inspection Value<\/strong> to <strong>.*org\\.springframework\\.context\\.support\\.FileSystemXmlApplicationContext<\/strong>.<a href=\"https:\/\/staging.nsfocusglobal.com\/wp-content\/uploads\/2018\/01\/Apply-the-rule.png\"><img loading=\"lazy\" decoding=\"async\" class=\"alignnone size-full wp-image-1089\" src=\"https:\/\/staging.nsfocusglobal.com\/wp-content\/uploads\/2018\/01\/Apply-the-rule.png\" alt=\"\" width=\"658\" height=\"499\" \/><\/a><\/li>\n<\/ul>\n<p>After the configuration, constraints are displayed, as shown in the red frame of the following figure.<a href=\"https:\/\/staging.nsfocusglobal.com\/wp-content\/uploads\/2018\/01\/Constraints.png\"><img loading=\"lazy\" decoding=\"async\" class=\"alignnone size-full wp-image-1092\" src=\"https:\/\/staging.nsfocusglobal.com\/wp-content\/uploads\/2018\/01\/Constraints.png\" alt=\"\" width=\"666\" height=\"500\" \/><\/a><\/p>\n<p>d.<strong>\u00a0Create a custom policy by clicking Create under Security Management &gt; Policy Management &gt; Policy Type &gt; Others &gt; Custom Policy.<\/strong><a href=\"https:\/\/staging.nsfocusglobal.com\/wp-content\/uploads\/2018\/01\/Custom-policy.png\"><strong><img loading=\"lazy\" decoding=\"async\" class=\"alignnone size-large wp-image-1094\" src=\"https:\/\/staging.nsfocusglobal.com\/wp-content\/uploads\/2018\/01\/Custom-policy-1024x593.png\" alt=\"\" width=\"640\" height=\"371\" \/><\/strong><\/a><\/p>\n<p>e. Type <strong>jackson-17485<\/strong> as the policy name, select the newly created <strong>jackson-17485<\/strong> rule from the rule list, and then click <strong>OK<\/strong>. <a href=\"https:\/\/staging.nsfocusglobal.com\/wp-content\/uploads\/2018\/01\/Name-of-policy.png\"><img loading=\"lazy\" decoding=\"async\" class=\"alignnone size-large wp-image-1098\" src=\"https:\/\/staging.nsfocusglobal.com\/wp-content\/uploads\/2018\/01\/Name-of-policy.png\" alt=\"\" width=\"640\" height=\"430\" \/><\/a><\/p>\n<p>f. Apply the newly created custom policy to the website to be protected by choosing <strong>Security Management &gt; Website Protection &gt;<\/strong> <em>Website to be protected<\/em> <strong>&gt; Web Security Protection<\/strong>.<a href=\"https:\/\/staging.nsfocusglobal.com\/wp-content\/uploads\/2018\/01\/Apply-policy.png\"><img loading=\"lazy\" decoding=\"async\" class=\"alignnone size-large wp-image-1088\" src=\"https:\/\/staging.nsfocusglobal.com\/wp-content\/uploads\/2018\/01\/Apply-policy-1024x621.png\" alt=\"\" width=\"640\" height=\"388\" \/><\/a><\/p>\n<p>g. In the <strong>Others<\/strong> area, select the custom policy <strong>jackson-17485<\/strong> and then click <strong>OK<\/strong>. Then NSFOCUS WAF can provide protection for the specific website according to the custom rule.<a href=\"https:\/\/staging.nsfocusglobal.com\/wp-content\/uploads\/2018\/01\/Select-Jackson-17485.png\"><img loading=\"lazy\" decoding=\"async\" class=\"alignnone size-full wp-image-1097\" src=\"https:\/\/staging.nsfocusglobal.com\/wp-content\/uploads\/2018\/01\/Select-Jackson-17485.png\" alt=\"\" width=\"636\" height=\"198\" \/><\/a><\/p>\n<p>The following figure shows that NSFOCUS WAF has effectively blocked the POC exploit.<a href=\"https:\/\/staging.nsfocusglobal.com\/wp-content\/uploads\/2018\/01\/Block-function-takes-effect.png\"><img loading=\"lazy\" decoding=\"async\" class=\"alignnone size-large wp-image-1090\" src=\"https:\/\/staging.nsfocusglobal.com\/wp-content\/uploads\/2018\/01\/Block-function-takes-effect-1024x86.png\" alt=\"\" width=\"640\" height=\"54\" \/><\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>At the beginning of 2018, jackson-databind was reported to contain another remote code execution (RCE) vulnerability (CVE-2017-17485) that affects versions 2.9.3 and earlier, 2.7.9.1 and earlier, and 2.8.10 and earlier. This vulnerability is caused by jackson-dababind&#8217;s incomplete blacklist. An application that uses jackson-databind will become vulnerable when the enableDefaultTyping method is called via the ObjectMapper [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":1314,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"_coblocks_attr":"","_coblocks_dimensions":"","_coblocks_responsive_height":"","_coblocks_accordion_ie_support":"","footnotes":""},"categories":[3,6],"tags":[],"class_list":["post-7643","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-blog","category-emergency-response"],"acf":[],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v27.4 - https:\/\/yoast.com\/product\/yoast-seo-wordpress\/ -->\n<title>Jackson-databind RCE Vulnerability Handling Guide (CVE-2017-17485) - NSFOCUS<\/title>\n<meta name=\"robots\" content=\"noindex, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<meta property=\"og:locale\" content=\"pt_BR\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Jackson-databind RCE Vulnerability Handling Guide (CVE-2017-17485) - NSFOCUS\" \/>\n<meta property=\"og:description\" content=\"At the beginning of 2018, jackson-databind was reported to contain another remote code execution (RCE) vulnerability (CVE-2017-17485) that affects\" \/>\n<meta property=\"og:url\" content=\"https:\/\/nsfocusglobal.com\/jackson-databind-rce-vulnerability-handling-guide-cve-2017-17485\/\" \/>\n<meta property=\"og:site_name\" content=\"NSFOCUS\" \/>\n<meta property=\"article:published_time\" content=\"2018-01-25T01:30:01+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2025-07-09T07:14:58+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/nsfocusglobal.com\/wp-content\/uploads\/2018\/01\/AdobeStock_82072562_Preview.jpeg\" \/>\n<meta name=\"author\" content=\"admin\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:title\" content=\"Jackson-databind RCE Vulnerability Handling Guide (CVE-2017-17485) - NSFOCUS\" \/>\n<meta name=\"twitter:description\" content=\"At the beginning of 2018, jackson-databind was reported to contain another remote code execution (RCE) vulnerability (CVE-2017-17485) that affects\" \/>\n<meta name=\"twitter:image\" content=\"https:\/\/nsfocusglobal.com\/wp-content\/uploads\/2018\/01\/AdobeStock_82072562_Preview.jpeg\" \/>\n<meta name=\"twitter:label1\" content=\"Escrito por\" \/>\n\t<meta name=\"twitter:data1\" content=\"admin\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. tempo de leitura\" \/>\n\t<meta name=\"twitter:data2\" content=\"3 minutos\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\\\/\\\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\\\/\\\/nsfocusglobal.com\\\/jackson-databind-rce-vulnerability-handling-guide-cve-2017-17485\\\/#article\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/nsfocusglobal.com\\\/jackson-databind-rce-vulnerability-handling-guide-cve-2017-17485\\\/\"},\"author\":{\"name\":\"admin\",\"@id\":\"https:\\\/\\\/nsfocusglobal.com\\\/pt-br\\\/#\\\/schema\\\/person\\\/fd9ab61c9c77a81bbd870f725cc0c61d\"},\"headline\":\"Jackson-databind RCE Vulnerability Handling Guide (CVE-2017-17485)\",\"datePublished\":\"2018-01-25T01:30:01+00:00\",\"dateModified\":\"2025-07-09T07:14:58+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\\\/\\\/nsfocusglobal.com\\\/jackson-databind-rce-vulnerability-handling-guide-cve-2017-17485\\\/\"},\"wordCount\":605,\"commentCount\":0,\"publisher\":{\"@id\":\"https:\\\/\\\/nsfocusglobal.com\\\/pt-br\\\/#organization\"},\"image\":{\"@id\":\"https:\\\/\\\/nsfocusglobal.com\\\/jackson-databind-rce-vulnerability-handling-guide-cve-2017-17485\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/nsfocusglobal.com\\\/wp-content\\\/uploads\\\/2018\\\/01\\\/AdobeStock_82072562_Preview.jpeg\",\"articleSection\":[\"Blog\",\"Emergency Response\"],\"inLanguage\":\"pt-BR\",\"potentialAction\":[{\"@type\":\"CommentAction\",\"name\":\"Comment\",\"target\":[\"https:\\\/\\\/nsfocusglobal.com\\\/jackson-databind-rce-vulnerability-handling-guide-cve-2017-17485\\\/#respond\"]}]},{\"@type\":\"WebPage\",\"@id\":\"https:\\\/\\\/nsfocusglobal.com\\\/jackson-databind-rce-vulnerability-handling-guide-cve-2017-17485\\\/\",\"url\":\"https:\\\/\\\/nsfocusglobal.com\\\/jackson-databind-rce-vulnerability-handling-guide-cve-2017-17485\\\/\",\"name\":\"Jackson-databind RCE Vulnerability Handling Guide (CVE-2017-17485) - NSFOCUS\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/nsfocusglobal.com\\\/pt-br\\\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\\\/\\\/nsfocusglobal.com\\\/jackson-databind-rce-vulnerability-handling-guide-cve-2017-17485\\\/#primaryimage\"},\"image\":{\"@id\":\"https:\\\/\\\/nsfocusglobal.com\\\/jackson-databind-rce-vulnerability-handling-guide-cve-2017-17485\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/nsfocusglobal.com\\\/wp-content\\\/uploads\\\/2018\\\/01\\\/AdobeStock_82072562_Preview.jpeg\",\"datePublished\":\"2018-01-25T01:30:01+00:00\",\"dateModified\":\"2025-07-09T07:14:58+00:00\",\"breadcrumb\":{\"@id\":\"https:\\\/\\\/nsfocusglobal.com\\\/jackson-databind-rce-vulnerability-handling-guide-cve-2017-17485\\\/#breadcrumb\"},\"inLanguage\":\"pt-BR\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\\\/\\\/nsfocusglobal.com\\\/jackson-databind-rce-vulnerability-handling-guide-cve-2017-17485\\\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"pt-BR\",\"@id\":\"https:\\\/\\\/nsfocusglobal.com\\\/jackson-databind-rce-vulnerability-handling-guide-cve-2017-17485\\\/#primaryimage\",\"url\":\"https:\\\/\\\/nsfocusglobal.com\\\/wp-content\\\/uploads\\\/2018\\\/01\\\/AdobeStock_82072562_Preview.jpeg\",\"contentUrl\":\"https:\\\/\\\/nsfocusglobal.com\\\/wp-content\\\/uploads\\\/2018\\\/01\\\/AdobeStock_82072562_Preview.jpeg\",\"width\":1000,\"height\":589,\"caption\":\"Businessman interacting with virtual data interface.\"},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\\\/\\\/nsfocusglobal.com\\\/jackson-databind-rce-vulnerability-handling-guide-cve-2017-17485\\\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\\\/\\\/nsfocusglobal.com\\\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Jackson-databind RCE Vulnerability Handling Guide (CVE-2017-17485)\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\\\/\\\/nsfocusglobal.com\\\/pt-br\\\/#website\",\"url\":\"https:\\\/\\\/nsfocusglobal.com\\\/pt-br\\\/\",\"name\":\"NSFOCUS\",\"description\":\"Security Made Smart and Simple\",\"publisher\":{\"@id\":\"https:\\\/\\\/nsfocusglobal.com\\\/pt-br\\\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\\\/\\\/nsfocusglobal.com\\\/pt-br\\\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"pt-BR\"},{\"@type\":\"Organization\",\"@id\":\"https:\\\/\\\/nsfocusglobal.com\\\/pt-br\\\/#organization\",\"name\":\"NSFOCUS\",\"url\":\"https:\\\/\\\/nsfocusglobal.com\\\/pt-br\\\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"pt-BR\",\"@id\":\"https:\\\/\\\/nsfocusglobal.com\\\/pt-br\\\/#\\\/schema\\\/logo\\\/image\\\/\",\"url\":\"https:\\\/\\\/nsfocusglobal.com\\\/wp-content\\\/uploads\\\/2024\\\/08\\\/logo-ns.png\",\"contentUrl\":\"https:\\\/\\\/nsfocusglobal.com\\\/wp-content\\\/uploads\\\/2024\\\/08\\\/logo-ns.png\",\"width\":248,\"height\":36,\"caption\":\"NSFOCUS\"},\"image\":{\"@id\":\"https:\\\/\\\/nsfocusglobal.com\\\/pt-br\\\/#\\\/schema\\\/logo\\\/image\\\/\"}},{\"@type\":\"Person\",\"@id\":\"https:\\\/\\\/nsfocusglobal.com\\\/pt-br\\\/#\\\/schema\\\/person\\\/fd9ab61c9c77a81bbd870f725cc0c61d\",\"name\":\"admin\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"pt-BR\",\"@id\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/d3dc987908fc59791d261b1006d84eb931d15287261476b9384e690ed0c568de?s=96&d=mm&r=g\",\"url\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/d3dc987908fc59791d261b1006d84eb931d15287261476b9384e690ed0c568de?s=96&d=mm&r=g\",\"contentUrl\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/d3dc987908fc59791d261b1006d84eb931d15287261476b9384e690ed0c568de?s=96&d=mm&r=g\",\"caption\":\"admin\"},\"sameAs\":[\"https:\\\/\\\/nsfocusglobal.com\"],\"url\":\"https:\\\/\\\/nsfocusglobal.com\\\/pt-br\\\/author\\\/admin\\\/\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"Jackson-databind RCE Vulnerability Handling Guide (CVE-2017-17485) - NSFOCUS","robots":{"index":"noindex","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"og_locale":"pt_BR","og_type":"article","og_title":"Jackson-databind RCE Vulnerability Handling Guide (CVE-2017-17485) - NSFOCUS","og_description":"At the beginning of 2018, jackson-databind was reported to contain another remote code execution (RCE) vulnerability (CVE-2017-17485) that affects","og_url":"https:\/\/nsfocusglobal.com\/jackson-databind-rce-vulnerability-handling-guide-cve-2017-17485\/","og_site_name":"NSFOCUS","article_published_time":"2018-01-25T01:30:01+00:00","article_modified_time":"2025-07-09T07:14:58+00:00","og_image":[{"url":"https:\/\/nsfocusglobal.com\/wp-content\/uploads\/2018\/01\/AdobeStock_82072562_Preview.jpeg","type":"","width":"","height":""}],"author":"admin","twitter_card":"summary_large_image","twitter_title":"Jackson-databind RCE Vulnerability Handling Guide (CVE-2017-17485) - NSFOCUS","twitter_description":"At the beginning of 2018, jackson-databind was reported to contain another remote code execution (RCE) vulnerability (CVE-2017-17485) that affects","twitter_image":"https:\/\/nsfocusglobal.com\/wp-content\/uploads\/2018\/01\/AdobeStock_82072562_Preview.jpeg","twitter_misc":{"Escrito por":"admin","Est. tempo de leitura":"3 minutos"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/nsfocusglobal.com\/jackson-databind-rce-vulnerability-handling-guide-cve-2017-17485\/#article","isPartOf":{"@id":"https:\/\/nsfocusglobal.com\/jackson-databind-rce-vulnerability-handling-guide-cve-2017-17485\/"},"author":{"name":"admin","@id":"https:\/\/nsfocusglobal.com\/pt-br\/#\/schema\/person\/fd9ab61c9c77a81bbd870f725cc0c61d"},"headline":"Jackson-databind RCE Vulnerability Handling Guide (CVE-2017-17485)","datePublished":"2018-01-25T01:30:01+00:00","dateModified":"2025-07-09T07:14:58+00:00","mainEntityOfPage":{"@id":"https:\/\/nsfocusglobal.com\/jackson-databind-rce-vulnerability-handling-guide-cve-2017-17485\/"},"wordCount":605,"commentCount":0,"publisher":{"@id":"https:\/\/nsfocusglobal.com\/pt-br\/#organization"},"image":{"@id":"https:\/\/nsfocusglobal.com\/jackson-databind-rce-vulnerability-handling-guide-cve-2017-17485\/#primaryimage"},"thumbnailUrl":"https:\/\/nsfocusglobal.com\/wp-content\/uploads\/2018\/01\/AdobeStock_82072562_Preview.jpeg","articleSection":["Blog","Emergency Response"],"inLanguage":"pt-BR","potentialAction":[{"@type":"CommentAction","name":"Comment","target":["https:\/\/nsfocusglobal.com\/jackson-databind-rce-vulnerability-handling-guide-cve-2017-17485\/#respond"]}]},{"@type":"WebPage","@id":"https:\/\/nsfocusglobal.com\/jackson-databind-rce-vulnerability-handling-guide-cve-2017-17485\/","url":"https:\/\/nsfocusglobal.com\/jackson-databind-rce-vulnerability-handling-guide-cve-2017-17485\/","name":"Jackson-databind RCE Vulnerability Handling Guide (CVE-2017-17485) - NSFOCUS","isPartOf":{"@id":"https:\/\/nsfocusglobal.com\/pt-br\/#website"},"primaryImageOfPage":{"@id":"https:\/\/nsfocusglobal.com\/jackson-databind-rce-vulnerability-handling-guide-cve-2017-17485\/#primaryimage"},"image":{"@id":"https:\/\/nsfocusglobal.com\/jackson-databind-rce-vulnerability-handling-guide-cve-2017-17485\/#primaryimage"},"thumbnailUrl":"https:\/\/nsfocusglobal.com\/wp-content\/uploads\/2018\/01\/AdobeStock_82072562_Preview.jpeg","datePublished":"2018-01-25T01:30:01+00:00","dateModified":"2025-07-09T07:14:58+00:00","breadcrumb":{"@id":"https:\/\/nsfocusglobal.com\/jackson-databind-rce-vulnerability-handling-guide-cve-2017-17485\/#breadcrumb"},"inLanguage":"pt-BR","potentialAction":[{"@type":"ReadAction","target":["https:\/\/nsfocusglobal.com\/jackson-databind-rce-vulnerability-handling-guide-cve-2017-17485\/"]}]},{"@type":"ImageObject","inLanguage":"pt-BR","@id":"https:\/\/nsfocusglobal.com\/jackson-databind-rce-vulnerability-handling-guide-cve-2017-17485\/#primaryimage","url":"https:\/\/nsfocusglobal.com\/wp-content\/uploads\/2018\/01\/AdobeStock_82072562_Preview.jpeg","contentUrl":"https:\/\/nsfocusglobal.com\/wp-content\/uploads\/2018\/01\/AdobeStock_82072562_Preview.jpeg","width":1000,"height":589,"caption":"Businessman interacting with virtual data interface."},{"@type":"BreadcrumbList","@id":"https:\/\/nsfocusglobal.com\/jackson-databind-rce-vulnerability-handling-guide-cve-2017-17485\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/nsfocusglobal.com\/"},{"@type":"ListItem","position":2,"name":"Jackson-databind RCE Vulnerability Handling Guide (CVE-2017-17485)"}]},{"@type":"WebSite","@id":"https:\/\/nsfocusglobal.com\/pt-br\/#website","url":"https:\/\/nsfocusglobal.com\/pt-br\/","name":"NSFOCUS","description":"Security Made Smart and Simple","publisher":{"@id":"https:\/\/nsfocusglobal.com\/pt-br\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/nsfocusglobal.com\/pt-br\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"pt-BR"},{"@type":"Organization","@id":"https:\/\/nsfocusglobal.com\/pt-br\/#organization","name":"NSFOCUS","url":"https:\/\/nsfocusglobal.com\/pt-br\/","logo":{"@type":"ImageObject","inLanguage":"pt-BR","@id":"https:\/\/nsfocusglobal.com\/pt-br\/#\/schema\/logo\/image\/","url":"https:\/\/nsfocusglobal.com\/wp-content\/uploads\/2024\/08\/logo-ns.png","contentUrl":"https:\/\/nsfocusglobal.com\/wp-content\/uploads\/2024\/08\/logo-ns.png","width":248,"height":36,"caption":"NSFOCUS"},"image":{"@id":"https:\/\/nsfocusglobal.com\/pt-br\/#\/schema\/logo\/image\/"}},{"@type":"Person","@id":"https:\/\/nsfocusglobal.com\/pt-br\/#\/schema\/person\/fd9ab61c9c77a81bbd870f725cc0c61d","name":"admin","image":{"@type":"ImageObject","inLanguage":"pt-BR","@id":"https:\/\/secure.gravatar.com\/avatar\/d3dc987908fc59791d261b1006d84eb931d15287261476b9384e690ed0c568de?s=96&d=mm&r=g","url":"https:\/\/secure.gravatar.com\/avatar\/d3dc987908fc59791d261b1006d84eb931d15287261476b9384e690ed0c568de?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/d3dc987908fc59791d261b1006d84eb931d15287261476b9384e690ed0c568de?s=96&d=mm&r=g","caption":"admin"},"sameAs":["https:\/\/nsfocusglobal.com"],"url":"https:\/\/nsfocusglobal.com\/pt-br\/author\/admin\/"}]}},"_links":{"self":[{"href":"https:\/\/nsfocusglobal.com\/pt-br\/wp-json\/wp\/v2\/posts\/7643","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/nsfocusglobal.com\/pt-br\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/nsfocusglobal.com\/pt-br\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/nsfocusglobal.com\/pt-br\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/nsfocusglobal.com\/pt-br\/wp-json\/wp\/v2\/comments?post=7643"}],"version-history":[{"count":1,"href":"https:\/\/nsfocusglobal.com\/pt-br\/wp-json\/wp\/v2\/posts\/7643\/revisions"}],"predecessor-version":[{"id":32644,"href":"https:\/\/nsfocusglobal.com\/pt-br\/wp-json\/wp\/v2\/posts\/7643\/revisions\/32644"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/nsfocusglobal.com\/pt-br\/wp-json\/wp\/v2\/media\/1314"}],"wp:attachment":[{"href":"https:\/\/nsfocusglobal.com\/pt-br\/wp-json\/wp\/v2\/media?parent=7643"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/nsfocusglobal.com\/pt-br\/wp-json\/wp\/v2\/categories?post=7643"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/nsfocusglobal.com\/pt-br\/wp-json\/wp\/v2\/tags?post=7643"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}