Lucene search
K

238 matches found

Snyk
Snyk
added 2026/04/10 5:8 p.m.5 views

Improper Validation of Certificate with Host Mismatch

Overview org.apache.logging.log4j:log4j-core is a logging library for Java. Affected versions of this package are vulnerable to Improper Validation of Certificate with Host Mismatch due to the lack of TLS hostname verification in the SocketAppender component when configured through the...

6.8CVSS6.6AI score0.00395EPSS
Exploits0References2
Snyk
Snyk
added 2026/04/10 5:6 p.m.16 views

Improper Output Neutralization for Logs

Overview org.apache.logging.log4j:log4j-core is a logging library for Java. Affected versions of this package are vulnerable to Improper Output Neutralization for Logs in the Rfc5424Layout plugin due to newLineEscape and useTlsMessageFormat configuration attributes being silently renamed, leading...

7.7CVSS5.7AI score0.00831EPSS
Exploits0References2
NVD
NVD
added 2026/04/10 4:16 p.m.7 views

CVE-2026-34477

The fix for CVE-2025-68161 https://logging.apache.org/security.htmlCVE-2025-68161 was incomplete: it addressed hostname verification only when enabled via the log4j2.sslVerifyHostName https://logging.apache.org/log4j/2.x/manual/systemproperties.htmllog4j2.sslVerifyHostName system property, but no...

6.3CVSS0.00395EPSS
Exploits0References5
OSV
OSV
added 2026/04/10 4:16 p.m.8 views

UBUNTU-CVE-2026-34477

The fix for CVE-2025-68161 https://logging.apache.org/security.htmlCVE-2025-68161 was incomplete: it addressed hostname verification only when enabled via the log4j2.sslVerifyHostName https://logging.apache.org/log4j/2.x/manual/systemproperties.htmllog4j2.sslVerifyHostName system property, but no...

6.3CVSS5.8AI score0.00395EPSS
Exploits0References7
OSV
OSV
added 2026/04/10 4:16 p.m.7 views

UBUNTU-CVE-2026-34478

Apache Log4j Core's Rfc5424Layout https://logging.apache.org/log4j/2.x/manual/layouts.htmlRFC5424Layout , in versions 2.21.0 through 2.25.3, is vulnerable to log injection via CRLF sequences due to undocumented renames of security-relevant configuration attributes. Two distinct issues affect user...

7.5CVSS5.8AI score0.00831EPSS
Exploits0References8
Vulnrichment
Vulnrichment
added 2026/04/10 3:40 p.m.4 views

CVE-2026-34478 Apache Log4j Core: Log injection in Rfc5424Layout due to silent configuration incompatibility

Apache Log4j Core's Rfc5424Layout https://logging.apache.org/log4j/2.x/manual/layouts.htmlRFC5424Layout , in versions 2.21.0 through 2.25.3, is vulnerable to log injection via CRLF sequences due to undocumented renames of security-relevant configuration attributes. Two distinct issues affect user...

6.9CVSS5.8AI score0.00831EPSS
Exploits0References5
Debian CVE
Debian CVE
added 2026/04/10 3:36 p.m.2 views

CVE-2026-34477

The fix for CVE-2025-68161 https://logging.apache.org/security.htmlCVE-2025-68161 was incomplete: it addressed hostname verification only when enabled via the log4j2.sslVerifyHostName https://logging.apache.org/log4j/2.x/manual/systemproperties.htmllog4j2.sslVerifyHostName system property, but no...

6.3CVSS5.3AI score0.00395EPSS
Exploits0
Positive Technologies
Positive Technologies
added 2026/04/10 12:0 a.m.4 views

PT-2026-31939

Name of the Vulnerable Software and Affected Versions Apache Log4j Core versions 2.12.0 through 2.25.3 Description A flaw exists where hostname verification is ignored when configured through the verifyHostName attribute of the '' element. This occurs even if the attribute is explicitly set,...

6.3CVSS5.1AI score0.00395EPSS
Exploits0References19
IBM Security Bulletins
IBM Security Bulletins
added 2026/04/06 10:16 a.m.4 views

Security Bulletin: There is a vulnerability in log4j-core-2.17.1.jar used by IBM Maximo Manage application in IBM Maximo Application Suite (CVE-2025-68161)

Summary There is a vulnerability in log4j-core-2.17.1.jar used by IBM Maximo Manage application in IBM Maximo Application Suite. Vulnerability Details CVEID:CVE-2025-68161 DESCRIPTION: The Socket Appender in Apache Log4j Core versions 2.0-beta9 through 2.25.2 does not perform TLS hostname...

6.3CVSS5.9AI score0.00743EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/03/25 1:4 p.m.4 views

Security Bulletin: IBM DevOps Build addresses multiple vulnerabilities.

Summary IBM DevOps Build 7.1.0.3 addresses multiple vulnerabilities. Vulnerability Details CVEID:CVE-2025-67735 DESCRIPTION: Netty is an asynchronous, event-driven network application framework. In versions prior to 4.1.129.Final and 4.2.8.Final, the io.netty.handler.codec.http.HttpRequestEncoder...

9.1CVSS6.2AI score0.00743EPSS
Exploits2Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/03/23 1:39 p.m.4 views

Security Bulletin: SPSS Collaboration and Deployment Services is affected by an Improper Certificate Validation vulnerability in Apache Log4j Core (CVE-2025-68161)

Summary SPSS Collaboration and Deployment Services is affected by an Improper Certificate Validation vulnerability in Apache Log4j Core CVE-2025-68161. This has been addressed in the remediation section. Vulnerability Details CVEID:CVE-2025-68161 DESCRIPTION: The Socket Appender in Apache Log4j...

6.3CVSS6.4AI score0.00743EPSS
Exploits1Affected Software1
F5 Networks
F5 Networks
added 2026/03/02 12:5 a.m.19 views

K000160192: Log4j vulnerability CVE-2025-68161

Security Advisory Description The Socket Appender in Apache Log4j Core versions 2.0-beta9 through 2.25.2 does not perform TLS hostname verification of the peer certificate, even when the verifyHostName https: //logging. apache. org/log4j/2.x/manual/appenders/network...

6.3CVSS6.4AI score0.00743EPSS
Exploits1
IBM Security Bulletins
IBM Security Bulletins
added 2026/02/27 11:44 a.m.6 views

Security Bulletin: IBM Maximo Application Suite - Monitor Component uses log4j-core-2.25.1.jar which is vulnerable to CVE-2025-68161.

Summary IBM Maximo Application Suite - Monitor Component uses log4j-core-2.25.1.jar which is vulnerable to CVE-2025-68161. This bulletin contains information addressing the vulnerability. Vulnerability Details CVEID:CVE-2025-68161 DESCRIPTION: The Socket Appender in Apache Log4j Core versions...

6.3CVSS5.9AI score0.00743EPSS
Exploits1Affected Software1
Redos
Redos
added 2026/02/24 12:0 a.m.9 views

ROS-20260224-73-0013

A vulnerability in the Socket Appender component of the Apache Log4j Core logging library API implementation is related to incorrect certificate authentication. Exploitation of the vulnerability could allow a remote attacker to intercept log traffic...

6.3CVSS6.2AI score0.00743EPSS
Exploits1
Tenable Nessus
Tenable Nessus
added 2026/02/19 12:0 a.m.8 views

Amazon Linux 2023 : log4j, log4j-jcl, log4j-slf4j (ALAS2023-2026-1398)

It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2026-1398 advisory. The Socket Appender in Apache Log4j Core versions 2.0-beta9 through 2.25.2 does not perform TLS hostname verification of the peer certificate, even when the verifyHostName...

6.3CVSS5.6AI score0.00743EPSS
Exploits1References4
Amazon
Amazon
added 2026/02/18 12:0 a.m.8 views

Medium: log4j

Issue Overview: The Socket Appender in Apache Log4j Core versions 2.0-beta9 through 2.25.2 does not perform TLS hostname verification of the peer certificate, even when the verifyHostName https://logging.apache.org/log4j/2.x/manual/appenders/network.htmlSslConfiguration-attr-verifyHostName...

6.3CVSS5.5AI score0.00743EPSS
Exploits1
Tenable Nessus
Tenable Nessus
added 2026/01/20 12:0 a.m.6 views

MiracleLinux 8 : parfait:0.5 (AXSA:2022-3020:01)

The remote MiracleLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2022-3020:01 advisory. log4j: SQL injection in Log4j 1.x when application is configured to use JDBCAppender CVE-2022-23305 log4j: Unsafe deserialization flaw in Chainsaw l...

9.8CVSS8.2AI score0.81147EPSS
Exploits10References5
Debian
Debian
added 2026/01/19 10:50 p.m.11 views

[SECURITY] [DLA 4444-1] apache-log4j2 security update

Debian LTS Advisory DLA-4444-1 [email protected] https://www.debian.org/lts/security/ Markus Koschany January 19, 2026 https://wiki.debian.org/LTS Package : apache-log4j2 Version : 2.17.1-1deb11u2 CVE ID : CVE-2025-68161 Debian Bug : 1123744 In Apache Log4j2, a Java Logging Framework, t...

6.3CVSS6.5AI score0.00743EPSS
Exploits1
Tenable Nessus
Tenable Nessus
added 2026/01/09 12:0 a.m.83 views

Apache Log4j 2.0-beta9 < 2.25.3 MitM

The version of Apache Log4j on the remote host is 2.0-beta9 through 2.25.2. The Socket Appender in Apache Log4j Core versions 2.0-beta9 through 2.25.2 does not perform TLS hostname verification of the peer certificate, even when the verifyHostName...

6.3CVSS7.2AI score0.00743EPSS
Exploits1References2
Veracode
Veracode
added 2026/01/05 7:27 a.m.7 views

Improper TLS Hostname Verification

org.apache.logging.log4j, log4j-core is vulnerable to improper TLS hostname verification. The vulnerability is due to the Socket Appender not enforcing TLS hostname verification even when explicitly enabled, which allows a man-in-the-middle attacker to intercept or redirect log traffic by...

6.3CVSS6.4AI score0.00743EPSS
Exploits1References11Affected Software1
Rows per page
Query Builder