4 matches found
Security Bulletin: Apache Log4j vulnerability
Summary Apache Log4j vulnerability Vulnerability Details CVEID:CVE-2022-23302 DESCRIPTION: Apache Log4j could allow a remote authenticated attacker to execute arbitrary code on the system, caused by an unsafe deserialization in JMSSink. By sending specially-crafted JNDI requests using...
log4j: Remote code execution in Log4j 1.x when application is configured to use JMSSink
A flaw was found in the Java logging library Apache Log4j in version 1.x. JMSSink in Log4j 1.x is vulnerable to deserialization of untrusted data. This allows a remote attacker to execute code on the server if JMSSink is deployed and has been configured to perform JNDI requests...
log4j: Remote code execution in Log4j 1.x when application is configured to use JMSSink
A flaw was found in the Java logging library Apache Log4j in version 1.x. JMSSink in Log4j 1.x is vulnerable to deserialization of untrusted data. This allows a remote attacker to execute code on the server if JMSSink is deployed and has been configured to perform JNDI requests...
CVE-2022-23302
A flaw was found in the Java logging library Apache Log4j in version 1.x. JMSSink in Log4j 1.x is vulnerable to deserialization of untrusted data. This allows a remote attacker to execute code on the server if JMSSink is deployed and has been configured to perform JNDI requests. Mitigation These...