Astra Linux – Vulnerability in Apache Log4j1.2

The JMSSink in all versions of Log4j 1.x is vulnerable to deserialization of untrusted data when the attacker has write access to the Log4j configuration, or when the configuration references an LDAP service to which the attacker has access. The attacker can provide a...

Amazon Linux AMI : log4j (ALAS-2023-1718)

The version of log4j installed on the remote host is prior to 1.2.17-16.14. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS-2023-1718 advisory. A flaw was found in the Java logging library Apache Log4j in version 1.x. JMSSink in Log4j 1.x is vulnerable to...

CVE-2023-26464

UNSUPPORTED WHEN ASSIGNED When using the Chainsaw or SocketAppender components with Log4j 1.x on JRE less than 1.7, an attacker that manages to cause a logging entry involving a specially-crafted ie, deeply nested hashmap or hashtable depending on which logging component is in use to be processed...

Code injection

UNSUPPORTED WHEN ASSIGNED When using the Chainsaw or SocketAppender components with Log4j 1.x on JRE less than 1.7, an attacker that manages to cause a logging entry involving a specially-crafted ie, deeply nested hashmap or hashtable depending on which logging component is in use to be processed...

CVE-2023-26464

UNSUPPORTED WHEN ASSIGNED When using the Chainsaw or SocketAppender components with Log4j 1.x on JRE less than 1.7, an attacker that manages to cause a logging entry involving a specially-crafted ie, deeply nested hashmap or hashtable depending on which logging component is in use to be processed...

CVE-2023-26464

CVE-2023-26464 : In Log4j 1.x, the Chainsaw and SocketAppender components on Java runtimes older than 1.7 are vulnerable to deserialization of deeply nested hashmap/hashtable when a logging entry is crafted, potentially exhausting VM memory and causing Denial of Service. The advisory notes this a...

CVE-2023-26464

UNSUPPORTED WHEN ASSIGNED When using the Chainsaw or SocketAppender components with Log4j 1.x on JRE less than 1.7, an attacker that manages to cause a logging entry involving a specially-crafted ie, deeply nested hashmap or hashtable depending on which logging component is in use to be processed...

PT-2023-6477 · Oracle +1 · Jre +1

Name of the Vulnerable Software and Affected Versions: Apache Log4j versions prior to 2 Description: The issue is related to the Chainsaw and SocketAppender components in Log4j 1.x when used with JRE less than 1.7. An attacker can cause a logging entry involving a specially-crafted hashmap or...

RHEL 8 : parfait:0.5 (RHSA-2022:0291)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2022:0291 advisory. Parfait is a Java performance monitoring library that collects metrics and exposes them through a variety of outputs. It provides APIs for...

RHEL 8 : parfait:0.5 (RHSA-2022:0289)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2022:0289 advisory. Parfait is a Java performance monitoring library that collects metrics and exposes them through a variety of outputs. It provides APIs for...

RHEL 6 : Red Hat JBoss Enterprise Application Platform 6.4.24 (RHSA-2022:5459)

The remote Redhat Enterprise Linux 6 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2022:5459 advisory. Red Hat JBoss Enterprise Application Platform 6 is a platform for Java applications based on the WildFly application runtime. This release o...

Important: Red Hat Security Advisory: Red Hat JBoss Enterprise Application Platform 6.4.24 security update

A security update is now available for Red Hat JBoss Enterprise Application Platform 6.4 for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity...

log4j: Remote code execution in Log4j 1.x when application is configured to use JMSSink

A flaw was found in the Java logging library Apache Log4j in version 1.x. JMSSink in Log4j 1.x is vulnerable to deserialization of untrusted data. This allows a remote attacker to execute code on the server if JMSSink is deployed and has been configured to perform JNDI requests...

CVE-2022-29615

SAP NetWeaver Developer Studio NWDS - version 7.50, is based on Eclipse, which contains the logging framework log4j in version 1.x. The application's confidentiality and integrity could have a low impact due to the vulnerabilities associated with version 1.x...

Oracle Linux 6 : log4j (ELSA-2022-9419)

The remote Oracle Linux 6 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2022-9419 advisory. - Fix CVE-2022-23302, CVE-2022-23305, CVE-2022-23307, CVE-2017-5645 Tenable has extracted the preceding description block directly from the Oracle Linu...

Huawei EulerOS: Security Advisory for log4j (EulerOS-SA-2022-1330)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

log4j: Remote code execution in Log4j 1.x when application is configured to use JMSSink

A flaw was found in the Java logging library Apache Log4j in version 1.x. JMSSink in Log4j 1.x is vulnerable to deserialization of untrusted data. This allows a remote attacker to execute code on the server if JMSSink is deployed and has been configured to perform JNDI requests...

Oracle Linux 8 : parfait:0.5 (ELSA-2022-0290)

The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2022-0290 advisory. - Obsolete remove vulnerable versions of log4j12 NVR 1.2.17-23 when upgrading to parfait 0.5.4-4 CVE-2021-4104 Tenable has extracted the preceding...

Important: Red Hat Security Advisory: parfait:0.5 security update

An update for the parfait:0.5 module is now available for Red Hat Enterprise Linux 8.1 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity...

SQL Injection in Log4j 1.2.x

By design, the JDBCAppender in Log4j 1.2.x accepts an SQL statement as a configuration parameter where the values to be inserted are converters from PatternLayout. The message converter, %m, is likely to always be included. This allows attackers to manipulate the SQL by entering crafted strings...