2 matches found
ROS-20260224-73-0013
A vulnerability in the Socket Appender component of the Apache Log4j Core logging library API implementation is related to incorrect certificate authentication. Exploitation of the vulnerability could allow a remote attacker to intercept log traffic...
log4j: improper validation of certificate with host mismatch in SMTP appender
Improper validation of certificate with host mismatch in Apache Log4j SMTP appender. This could allow an SMTPS connection to be intercepted by a man-in-the-middle attack which could leak any log messages sent through that appender. Fixed in Apache Log4j 2.12.3 and 2.13.1...