137 matches found
CVE-2023-26464 Apache Log4j 1.x (EOL) allows DoS in Chainsaw and SocketAppender
UNSUPPORTED WHEN ASSIGNED When using the Chainsaw or SocketAppender components with Log4j 1.x on JRE less than 1.7, an attacker that manages to cause a logging entry involving a specially-crafted ie, deeply nested hashmap or hashtable depending on which logging component is in use to be processed...
CVE-2023-26464 Apache Log4j 1.x (EOL) allows DoS in Chainsaw and SocketAppender
UNSUPPORTED WHEN ASSIGNED When using the Chainsaw or SocketAppender components with Log4j 1.x on JRE less than 1.7, an attacker that manages to cause a logging entry involving a specially-crafted ie, deeply nested hashmap or hashtable depending on which logging component is in use to be processed...
CVE-2023-26464
The CVE-2023-26464 issue affects Apache Log4j 1.x Chainsaw and SocketAppender when running on JRE
CVE-2023-26464
UNSUPPORTED WHEN ASSIGNED When using the Chainsaw or SocketAppender components with Log4j 1.x on JRE less than 1.7, an attacker that manages to cause a logging entry involving a specially-crafted ie, deeply nested hashmap or hashtable depending on which logging component is in use to be processed...
PT-2023-6477
Name of the Vulnerable Software and Affected Versions Apache Log4j versions prior to 2 Description The issue is related to the Chainsaw and SocketAppender components in Log4j 1.x when used with JRE less than 1.7. An attacker can cause a logging entry involving a specially-crafted hashmap or...
K00322972: Apache Log4j Chainsaw vulnerability CVE-2022-23307
Security Advisory Description CVE-2020-9493 identified a deserialization issue that was present in Apache Chainsaw. Prior to Chainsaw V2.0 Chainsaw was a component of Apache Log4j 1.2.x where the same issue exists. CVE-2022-23307 Impact An attacker may be able to use this vulnerability to generat...
SUSE CVE-2020-9493
A deserialization flaw was found in Apache Chainsaw versions prior to 2.1.0 which could lead to malicious code execution...
SUSE CVE-2022-23307
CVE-2020-9493 identified a deserialization issue that was present in Apache Chainsaw. Prior to Chainsaw V2.0 Chainsaw was a component of Apache Log4j 1.2.x where the same issue exists...
RHEL 6 : Red Hat JBoss Enterprise Application Platform 6.4.24 (RHSA-2022:5459)
The remote Redhat Enterprise Linux 6 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2022:5459 advisory. Red Hat JBoss Enterprise Application Platform 6 is a platform for Java applications based on the WildFly application runtime. This release o...
log4j: Unsafe deserialization flaw in Chainsaw log viewer
A flaw was found in the log4j 1.x chainsaw component, where the contents of certain log entries are deserialized and possibly permit code execution. This flaw allows an attacker to send a malicious request with serialized data to the server to be deserialized when the chainsaw component is run...
log4j: Unsafe deserialization flaw in Chainsaw log viewer
A flaw was found in the log4j 1.x chainsaw component, where the contents of certain log entries are deserialized and possibly permit code execution. This flaw allows an attacker to send a malicious request with serialized data to the server to be deserialized when the chainsaw component is run...
log4j: Unsafe deserialization flaw in Chainsaw log viewer
A flaw was found in the log4j 1.x chainsaw component, where the contents of certain log entries are deserialized and possibly permit code execution. This flaw allows an attacker to send a malicious request with serialized data to the server to be deserialized when the chainsaw component is run...
Confluence: Multiple vulnerabilities in log4j < 1.2.7-atlassian-16
The version of log4j used by Confluence has been updated from version 1.2.7-atlassian-15 to 1.2.7-atlassian-16 to address the following vulnerabilities: CVE-2020-9493|https://vulners.com/cve/CVE-2020-9493 and CVE-2022-23307|https://vulners.com/cve/CVE-2022-23307 Apache Chainsaw is bundled with...
Oracle Linux 6 : log4j (ELSA-2022-9419)
The remote Oracle Linux 6 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2022-9419 advisory. - Fix CVE-2022-23302, CVE-2022-23305, CVE-2022-23307, CVE-2017-5645 Tenable has extracted the preceding description block directly from the Oracle Linu...
log4j: Unsafe deserialization flaw in Chainsaw log viewer
A flaw was found in the log4j 1.x chainsaw component, where the contents of certain log entries are deserialized and possibly permit code execution. This flaw allows an attacker to send a malicious request with serialized data to the server to be deserialized when the chainsaw component is run...
log4j: Unsafe deserialization flaw in Chainsaw log viewer
A flaw was found in the log4j 1.x chainsaw component, where the contents of certain log entries are deserialized and possibly permit code execution. This flaw allows an attacker to send a malicious request with serialized data to the server to be deserialized when the chainsaw component is run...
log4j: Unsafe deserialization flaw in Chainsaw log viewer
A flaw was found in the log4j 1.x chainsaw component, where the contents of certain log entries are deserialized and possibly permit code execution. This flaw allows an attacker to send a malicious request with serialized data to the server to be deserialized when the chainsaw component is run...
Update Log4J to 1.2.17-atlassian-16 to fix CVE-2022-23305, CVE-2022-23307, CVE-2020-9493, CVE-2022-23302
CVE-2022-23305 Customers that have JDBCAppender configured may be vulnerable to SQL Injection attacks Change Summary: Removed JDBCAppender thus no longer allowing customers to use. CVE-2022-23307 / CVE-2020-9493 Unsafe deserialization issue present in Apache Chainsaw that was bundled in log4j1...
CLSA-2022-1648069165 Fix of CVE: CVE-2022-23307, CVE-2021-4104, CVE-2022-23305, CVE-2022-23302
CVE-2022-23302: remove JMSSink component entrirely - CVE-2022-23305: ensure security of JDBCAppender adding additional check-ups - CVE-2022-23307: restrict chainsaw access list to classes from SYSTEMALLOWEDCLASSES group - CVE-2021-4104: disable JMSAppender by default and add option to manually...
CLSA-2022-1648067792 Fix of CVE: CVE-2021-4104, CVE-2022-23305, CVE-2022-23302, CVE-2022-23307
CVE-2022-23302: remove JMSSink component entrirely - CVE-2022-23305: ensure security of JDBCAppender adding additional check-ups - CVE-2022-23307: restrict chainsaw access list to classes from SYSTEMALLOWEDCLASSES group - CVE-2021-4104: disable JMSAppender by default and add option to manually...