QOS.ch Logback vulnerable to Deserialization of Untrusted Data

QOS.ch Logback before 1.2.0 has a serialization vulnerability affecting the SocketServer and ServerSocketReceiver components. The RemoteStreamAppenderClient class in logback-classic and the SocketNode classes in logback-classic and logback-access allow data to be deserialized over a Java Socket,...

GHSA-VMFG-RJJM-RJRJ QOS.ch Logback vulnerable to Deserialization of Untrusted Data

QOS.ch Logback before 1.2.0 has a serialization vulnerability affecting the SocketServer and ServerSocketReceiver components. The RemoteStreamAppenderClient class in logback-classic and the SocketNode classes in logback-classic and logback-access allow data to be deserialized over a Java Socket,...

Deserialization of Untrusted Data

QOS.ch Logback before 1.2.0 has a serialization vulnerability affecting the SocketServer and ServerSocketReceiver components...

Updated logback packages fix security vulnerability

It was found that logback is vulnerable to a deserialization issue. Logback can be configured to allow remote logging through SocketServer/ServerSocketReceiver interfaces that can accept untrusted serialized data. Authenticated attackers on the adjacent network can leverage this vulnerability to...

logback: Serialization vulnerability in SocketServer and ServerSocketReceiver

It was found that logback is vulnerable to a deserialization issue. Logback can be configured to allow remote logging through SocketServer/ServerSocketReceiver interfaces that can accept untrusted serialized data. Authenticated attackers on the adjacent network can leverage this vulnerability to...

logback: Serialization vulnerability in SocketServer and ServerSocketReceiver

It was found that logback is vulnerable to a deserialization issue. Logback can be configured to allow remote logging through SocketServer/ServerSocketReceiver interfaces that can accept untrusted serialized data. Authenticated attackers on the adjacent network can leverage this vulnerability to...

CVE-2017-5929

It was found that logback is vulnerable to a deserialization issue. Logback can be configured to allow remote logging through SocketServer/ServerSocketReceiver interfaces that can accept untrusted serialized data. Authenticated attackers on the adjacent network can leverage this vulnerability to...

CVE-2017-5929

QOS.ch Logback before 1.2.0 has a serialization vulnerability affecting the SocketServer and ServerSocketReceiver components...

Code injection

QOS.ch Logback before 1.2.0 has a serialization vulnerability affecting the SocketServer and ServerSocketReceiver components...

CVE-2017-5929

QOS.ch Logback before 1.2.0 has a serialization vulnerability affecting the SocketServer and ServerSocketReceiver components...

CVE-2017-5929

QOS.ch Logback before 1.2.0 has a serialization vulnerability affecting the SocketServer and ServerSocketReceiver components...

CVE-2017-5929

QOS.ch Logback before 1.2.0 has a serialization vulnerability affecting the SocketServer and ServerSocketReceiver components...

CVE-2017-5929

QOS.ch Logback before 1.2.0 has a serialization vulnerability affecting the SocketServer and ServerSocketReceiver components...

CVE-2017-5929

CVE-2017-5929 – Logback deserialization issue : QOS.ch Logback up to 1.2.0 contains a serialization vulnerability in the SocketServer and ServerSocketReceiver paths. The RemoteStreamAppenderClient, SocketNode, and related classes deserialize data from a Java Socket via ObjectInputStream without v...

Serialization vulnerability

A serialization vulnerability was found in the SocketServer and ServerSocketReceiver components...

PT-2017-3933 · Qos.Ch · Logback

Name of the Vulnerable Software and Affected Versions: QOS.ch Logback versions prior to 1.2.0 Description: The issue is related to a serialization vulnerability affecting the SocketServer and ServerSocketReceiver components. This vulnerability allows an attacker to exploit the deserialization of...