Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
gentooGentoo FoundationGLSA-202402-16
HistoryFeb 18, 2024 - 12:00 a.m.

Apache Log4j: Multiple Vulnerabilities

2024-02-1800:00:00
Gentoo Foundation
security.gentoo.org
12
apache log4j
multiple vulnerabilities
gentoo
discontinued support
no workaround
java logging framework
cve identifiers
unmerge.

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

7.5 High

AI Score

Confidence

Low

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.794 High

EPSS

Percentile

98.2%

JSON

Background

Log4j is a Java logging framework that supports various use cases with a rich set of components, a separate API, and a performance-optimized implementation.

Description

Multiple vulnerabilities hav been discovered in Apache Log4j. Please review the CVE identifiers referenced below for details.

Impact

Please review the referenced CVE identifiers for details.

Workaround

There is no known workaround at this time.

Resolution

Gentoo has discontinued support for log4j. We recommend that users unmerge it:

 # emerge --ask --depclean "dev-java/log4j"
OSVersionArchitecturePackageVersionFilename
Gentooanyalldev-java/log4j<= 1.2.17UNKNOWN

Related

nessus 42
ibm 39
openvas 25
redhat 27
atlassian 9
ubuntu 2
osv 12
rosalinux 1
mageia 1
attackerkb 1
suse 5
amazon 2
oraclelinux 3
centos 1
debian 4
rocky 1
almalinux 1
prion 3
veracode 2
f5 3
debiancve 2
github 2
ubuntucve 2
cve 4
cloudlinux 1
checkpoint_advisories 1
symantec 1
redhatcve 2
nessus
nessus
GLSA-202402-16 : Apache Log4j: Multiple Vulnerabilities
2024-02-18 00:00:00
Ubuntu 16.04 ESM / 18.04 LTS / 20.04 LTS : Apache Log4j vulnerabilities (USN-5998-1)
2023-04-06 00:00:00
Apache Log4j 1.x Multiple Vulnerabilities
2022-01-19 00:00:00
ibm
ibm
Security Bulletin: IBM InfoSphere Information Server may be affected by vulnerabilities in Apache log4j 1.x version
2022-10-14 22:13:39
Security Bulletin: IBM Sterling Order Management migration strategy to Apache Log4j vulnerability (see CVEs below)
2022-10-20 18:18:17
Security Bulletin: IBM Spectrum LSF Suite and IBM Platform Process Manager are vulnerable to arbitrary code execution and denial of service due to Apache Log4j (CVE-2021-4104, CVE-2020-9488, CVE-2022-23302, CVE-2022-23307, CVE-2022-23305)
2022-06-22 22:12:35
openvas
openvas
ILIAS < 5.4.26, 6.x < 6.14, 7.x < 7.5 ilServer Multiple Log4j Vulnerabilities
2022-01-28 00:00:00
Apache Log4j 1.x Multiple Vulnerabilities (Windows, Jan 2022) - Version Check
2022-01-18 00:00:00
Apache Log4j 1.x Multiple Vulnerabilities (Linux/Unix, Jan 2022) - Version Check
2022-01-18 00:00:00
redhat
redhat
(RHSA-2022:0507) Important: Red Hat JBoss Data Virtualization 6.4.8.SP2 security update
2022-02-10 17:22:10
(RHSA-2022:0497) Important: Red Hat JBoss Data Virtualization 6.4.8.SP1 security update
2022-02-09 13:03:14
(RHSA-2022:0439) Important: rh-maven36-log4j12 security update
2022-02-03 18:49:50
atlassian
atlassian
Update Log4j to 1.2.17-atlassian-16 to fix CVE-2022-23305, CVE-2022-23307, CVE-2020-9493, CVE-2022-23302
2022-07-04 12:01:21
Update Log4j to 1.2.17-atlassian-16 to fix CVE-2022-23305, CVE-2022-23307, CVE-2020-9493, CVE-2022-23302
2022-07-04 12:01:19
Confluence: Multiple vulnerabilities in log4j < 1.2.7-atlassian-16
2022-06-01 07:36:00
ubuntu
ubuntu
Apache Log4j vulnerabilities
2023-04-05 00:00:00
Apache Log4j vulnerability
2020-09-15 00:00:00
osv
osv
apache-log4j1.2 vulnerabilities
2023-04-05 21:26:34
Important: parfait:0.5 security update
2022-01-26 14:27:19
Important: parfait:0.5 security update
2022-01-26 14:27:19
rosalinux
rosalinux
Advisory ROSA-SA-2021-1909
2021-07-02 17:26:24
mageia
mageia
Updated davmail packages fix security vulnerability
2023-04-15 22:03:44
attackerkb
attackerkb
CVE-2019-17571
2019-12-20 00:00:00
suse
suse
Security update for log4j12 (important)
2022-01-28 00:00:00
Security update for log4j (important)
2022-01-27 00:00:00
Security update for kafka (important)
2022-02-16 00:00:00
amazon
amazon
Important: log4j
2023-03-30 22:50:00
Important: log4j
2022-02-15 22:54:00
oraclelinux
oraclelinux
log4j security update
2022-02-08 00:00:00
parfait:0.5 security update
2022-01-27 00:00:00
log4j security update
2022-05-23 00:00:00
centos
centos
log4j security update
2022-02-07 16:47:44
debian
debian
[SECURITY] [DLA 2905-1] apache-log4j1.2 security update
2022-01-31 14:24:44
[SECURITY] [DLA 2065-1] apache-log4j1.2 security update
2020-01-12 22:27:19
[SECURITY] [DSA 4686-1] apache-log4j1.2 security update
2020-05-15 22:17:02
rocky
rocky
parfait:0.5 security update
2022-01-26 14:27:19
almalinux
almalinux
Important: parfait:0.5 security update
2022-01-26 14:27:19
prion
prion
Deserialization of untrusted data
2021-06-16 08:15:00
Input validation
2020-04-27 16:15:00
Deserialization of untrusted data
2019-12-20 17:15:00
veracode
veracode
Arbitrary Code Execution
2019-12-23 04:57:47
Improper Validation Of Certificate
2020-04-28 07:08:30
f5
f5
K61529042 : Log4j vulnerability CVE-2019-17571
2020-04-08 00:00:00
K34002344 : Overview of Log4j vulnerabilities (2021 and 2022)
2022-02-01 00:00:00
K15111130 : log4j 1.2.x vulnerability CVE-2020-9488
2022-02-10 00:00:00
debiancve
debiancve
CVE-2019-17571
2019-12-20 17:15:00
CVE-2020-9488
2020-04-27 16:15:00
github
github
Improper validation of certificate with host mismatch in Apache Log4j SMTP appender
2020-06-05 14:15:51
Deserialization of Untrusted Data in Log4j
2020-01-06 18:43:49
ubuntucve
ubuntucve
CVE-2020-9488
2020-04-27 00:00:00
CVE-2019-17571
2019-12-20 00:00:00
cve
cve
CVE-2020-9488
2020-04-27 16:15:00
CVE-2020-9493
2021-06-16 08:15:00
CVE-2019-17571
2019-12-20 17:15:00
cloudlinux
cloudlinux
Fixed CVE-2019-17571 in log4j
2022-06-21 20:23:31
checkpoint_advisories
checkpoint_advisories
Apache Log4j Remote Code Execution (CVE-2019-17571)
2020-03-01 00:00:00
symantec
symantec
Apache Log4j CVE-2019-17571 Deserialization Remote Code Execution Vulnerability
2019-12-18 00:00:00
redhatcve
redhatcve
CVE-2020-9488
2020-05-04 17:40:34
CVE-2022-23305
2022-01-18 16:16:17

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

7.5 High

AI Score

Confidence

Low

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.794 High

EPSS

Percentile

98.2%

JSON
Related for GLSA-202402-16
nessus42ibm39openvas25redhat27atlassian9ubuntu2osv12rosalinux1mageia1attackerkb1suse5amazon2oraclelinux3centos1debian4rocky1almalinux1prion3veracode2f53debiancve2github2ubuntucve2cve4cloudlinux1checkpoint_advisories1symantec1redhatcve2