Lucene search

K
freebsdFreeBSD3FADD7E4-F8FB-45A0-A218-8FD6423C338F
HistoryDec 10, 2021 - 12:00 a.m.

graylog -- include log4j patches

2021-12-1000:00:00
vuxml.freebsd.org
140
graylog
log4j
apache
jndi
ldap
unix

CVSS2

9.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

CVSS3

10

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

EPSS

0.967

Percentile

99.7%

Apache Software Foundation repos:

Apache Log4j2 JNDI features do not protect against attacker
controlled LDAP and other JNDI related endpoints. An attacker
who can control log messages or paramters can execute arbitrary
code from attacker-controller LDAP servers when message lookup
substitution is enabled.

OSVersionArchitecturePackageVersionFilename
FreeBSDanynoarchgraylog< 4.2.3UNKNOWN

CVSS2

9.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

CVSS3

10

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

EPSS

0.967

Percentile

99.7%