Lucene search
K

137 matches found

Vulnrichment
Vulnrichment
added 2023/03/10 1:38 p.m.20 views

CVE-2023-26464 Apache Log4j 1.x (EOL) allows DoS in Chainsaw and SocketAppender

UNSUPPORTED WHEN ASSIGNED When using the Chainsaw or SocketAppender components with Log4j 1.x on JRE less than 1.7, an attacker that manages to cause a logging entry involving a specially-crafted ie, deeply nested hashmap or hashtable depending on which logging component is in use to be processed...

8.2AI score0.01905EPSS
Exploits0References2
OSV
OSV
added 2023/03/10 1:38 p.m.34 views

CVE-2023-26464 Apache Log4j 1.x (EOL) allows DoS in Chainsaw and SocketAppender

UNSUPPORTED WHEN ASSIGNED When using the Chainsaw or SocketAppender components with Log4j 1.x on JRE less than 1.7, an attacker that manages to cause a logging entry involving a specially-crafted ie, deeply nested hashmap or hashtable depending on which logging component is in use to be processed...

7.5CVSS6.8AI score0.01905EPSS
Exploits0References4
CVE
CVE
added 2023/03/10 1:38 p.m.296 views

CVE-2023-26464

The CVE-2023-26464 issue affects Apache Log4j 1.x Chainsaw and SocketAppender when running on JRE

7.5CVSS8.2AI score0.01905EPSS
In wildExploits0References2Affected Software1
Debian CVE
Debian CVE
added 2023/03/10 1:38 p.m.44 views

CVE-2023-26464

UNSUPPORTED WHEN ASSIGNED When using the Chainsaw or SocketAppender components with Log4j 1.x on JRE less than 1.7, an attacker that manages to cause a logging entry involving a specially-crafted ie, deeply nested hashmap or hashtable depending on which logging component is in use to be processed...

7.5CVSS6.8AI score0.01905EPSS
Exploits0
Positive Technologies
Positive Technologies
added 2023/03/10 12:0 a.m.10 views

PT-2023-6477

Name of the Vulnerable Software and Affected Versions Apache Log4j versions prior to 2 Description The issue is related to the Chainsaw and SocketAppender components in Log4j 1.x when used with JRE less than 1.7. An attacker can cause a logging entry involving a specially-crafted hashmap or...

7.8CVSS6.7AI score0.01905EPSS
Exploits0References19
F5 Networks
F5 Networks
added 2023/02/21 7:57 p.m.262 views

K00322972: Apache Log4j Chainsaw vulnerability CVE-2022-23307

Security Advisory Description CVE-2020-9493 identified a deserialization issue that was present in Apache Chainsaw. Prior to Chainsaw V2.0 Chainsaw was a component of Apache Log4j 1.2.x where the same issue exists. CVE-2022-23307 Impact An attacker may be able to use this vulnerability to generat...

9.8CVSS8AI score0.52458EPSS
Exploits0Affected Software1
SUSE CVE
SUSE CVE
added 2023/02/15 4:0 a.m.5 views

SUSE CVE-2020-9493

A deserialization flaw was found in Apache Chainsaw versions prior to 2.1.0 which could lead to malicious code execution...

9.8CVSS8.5AI score0.04612EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2023/02/15 3:28 a.m.4 views

SUSE CVE-2022-23307

CVE-2020-9493 identified a deserialization issue that was present in Apache Chainsaw. Prior to Chainsaw V2.0 Chainsaw was a component of Apache Log4j 1.2.x where the same issue exists...

8.1CVSS7.6AI score0.52458EPSS
Exploits0References13
Tenable Nessus
Tenable Nessus
added 2022/07/01 12:0 a.m.88 views

RHEL 6 : Red Hat JBoss Enterprise Application Platform 6.4.24 (RHSA-2022:5459)

The remote Redhat Enterprise Linux 6 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2022:5459 advisory. Red Hat JBoss Enterprise Application Platform 6 is a platform for Java applications based on the WildFly application runtime. This release o...

9.8CVSS8.7AI score0.87553EPSS
Exploits11References19
RedHat Linux
RedHat Linux
added 2022/06/30 7:14 p.m.8 views

log4j: Unsafe deserialization flaw in Chainsaw log viewer

A flaw was found in the log4j 1.x chainsaw component, where the contents of certain log entries are deserialized and possibly permit code execution. This flaw allows an attacker to send a malicious request with serialized data to the server to be deserialized when the chainsaw component is run...

9CVSS7.1AI score0.52458EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 2022/06/30 7:0 p.m.10 views

log4j: Unsafe deserialization flaw in Chainsaw log viewer

A flaw was found in the log4j 1.x chainsaw component, where the contents of certain log entries are deserialized and possibly permit code execution. This flaw allows an attacker to send a malicious request with serialized data to the server to be deserialized when the chainsaw component is run...

9CVSS7.1AI score0.52458EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 2022/06/30 6:34 p.m.9 views

log4j: Unsafe deserialization flaw in Chainsaw log viewer

A flaw was found in the log4j 1.x chainsaw component, where the contents of certain log entries are deserialized and possibly permit code execution. This flaw allows an attacker to send a malicious request with serialized data to the server to be deserialized when the chainsaw component is run...

9CVSS7.1AI score0.52458EPSS
Exploits0References5
Atlassian
Atlassian
added 2022/06/01 7:36 a.m.159 views

Confluence: Multiple vulnerabilities in log4j < 1.2.7-atlassian-16

The version of log4j used by Confluence has been updated from version 1.2.7-atlassian-15 to 1.2.7-atlassian-16 to address the following vulnerabilities: CVE-2020-9493|https://vulners.com/cve/CVE-2020-9493 and CVE-2022-23307|https://vulners.com/cve/CVE-2022-23307 Apache Chainsaw is bundled with...

9.8CVSS10.1AI score0.66537EPSS
Exploits1
Tenable Nessus
Tenable Nessus
added 2022/05/23 12:0 a.m.87 views

Oracle Linux 6 : log4j (ELSA-2022-9419)

The remote Oracle Linux 6 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2022-9419 advisory. - Fix CVE-2022-23302, CVE-2022-23305, CVE-2022-23307, CVE-2017-5645 Tenable has extracted the preceding description block directly from the Oracle Linu...

9.8CVSS7.6AI score0.8904EPSS
Exploits3References5
RedHat Linux
RedHat Linux
added 2022/04/11 1:0 p.m.3 views

log4j: Unsafe deserialization flaw in Chainsaw log viewer

A flaw was found in the log4j 1.x chainsaw component, where the contents of certain log entries are deserialized and possibly permit code execution. This flaw allows an attacker to send a malicious request with serialized data to the server to be deserialized when the chainsaw component is run...

9CVSS7.1AI score0.52458EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 2022/04/11 1:0 p.m.8 views

log4j: Unsafe deserialization flaw in Chainsaw log viewer

A flaw was found in the log4j 1.x chainsaw component, where the contents of certain log entries are deserialized and possibly permit code execution. This flaw allows an attacker to send a malicious request with serialized data to the server to be deserialized when the chainsaw component is run...

9CVSS7.1AI score0.52458EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 2022/04/11 12:59 p.m.4 views

log4j: Unsafe deserialization flaw in Chainsaw log viewer

A flaw was found in the log4j 1.x chainsaw component, where the contents of certain log entries are deserialized and possibly permit code execution. This flaw allows an attacker to send a malicious request with serialized data to the server to be deserialized when the chainsaw component is run...

9CVSS7.1AI score0.52458EPSS
Exploits0References5
Atlassian
Atlassian
added 2022/04/08 4:20 p.m.412 views

Update Log4J to 1.2.17-atlassian-16 to fix CVE-2022-23305, CVE-2022-23307, CVE-2020-9493, CVE-2022-23302

CVE-2022-23305 Customers that have JDBCAppender configured may be vulnerable to SQL Injection attacks Change Summary: Removed JDBCAppender thus no longer allowing customers to use. CVE-2022-23307 / CVE-2020-9493 Unsafe deserialization issue present in Apache Chainsaw that was bundled in log4j1...

9.8CVSS9.9AI score0.66537EPSS
Exploits1
OSV
OSV
added 2022/03/23 8:59 p.m.6 views

CLSA-2022-1648069165 Fix of CVE: CVE-2022-23307, CVE-2021-4104, CVE-2022-23305, CVE-2022-23302

CVE-2022-23302: remove JMSSink component entrirely - CVE-2022-23305: ensure security of JDBCAppender adding additional check-ups - CVE-2022-23307: restrict chainsaw access list to classes from SYSTEMALLOWEDCLASSES group - CVE-2021-4104: disable JMSAppender by default and add option to manually...

9.8CVSS7AI score0.81147EPSS
Exploits10References1
OSV
OSV
added 2022/03/23 8:36 p.m.7 views

CLSA-2022-1648067792 Fix of CVE: CVE-2021-4104, CVE-2022-23305, CVE-2022-23302, CVE-2022-23307

CVE-2022-23302: remove JMSSink component entrirely - CVE-2022-23305: ensure security of JDBCAppender adding additional check-ups - CVE-2022-23307: restrict chainsaw access list to classes from SYSTEMALLOWEDCLASSES group - CVE-2021-4104: disable JMSAppender by default and add option to manually...

9.8CVSS7AI score0.81147EPSS
Exploits10References1
Rows per page
Query Builder