[SECURITY] [DLA 888-1] logback security update
Package: logback
Version: 1:1.0.4-1+deb7u1
CVE ID: CVE-2017-5929
Debian Bug: 857343
It was discovered that logback, a flexible logging library for Java, would deserialize data from untrusted sockets which may lead to the execution of arbitrary code. This issue has been resolved by adding a...
DLA-888-1 logback - security update
Bulletin has no description...
CVE-2017-5929
It was found that logback is vulnerable to a deserialization issue. Logback can be configured to allow remote logging through SocketServer/ServerSocketReceiver interfaces that can accept untrusted serialized data. Authenticated attackers on the adjacent network can leverage this vulnerability to...
Arbitrary Code Execution Via Serialization
QOS.ch Logback is vulnerable to arbitrary code execution via serialization. It is possible to write untrusted objects from the Logger, allowing arbitrary code execution...
QOS.ch Logback SocketServer and ServerSocketReceiver Component Elevation of Privilege Vulnerability
QOS.ch Logback is a logging framework written in Java. SocketServer and ServerSocketReceiver are among the debugging modules. A security vulnerability exists in the SocketServer and ServerSocketReceiver components of QOS.ch Logback versions prior to 1.1.10. An attacker can exploit this...
CVE-2017-5929
QOS.ch Logback before 1.2.0 has a serialization vulnerability affecting the SocketServer and ServerSocketReceiver components...
Code injection
QOS.ch Logback before 1.2.0 has a serialization vulnerability affecting the SocketServer and ServerSocketReceiver components...
DEBIAN-CVE-2017-5929
QOS.ch Logback before 1.2.0 has a serialization vulnerability affecting the SocketServer and ServerSocketReceiver components...
UBUNTU-CVE-2017-5929
QOS.ch Logback before 1.2.0 has a serialization vulnerability affecting the SocketServer and ServerSocketReceiver components...
CVE-2017-5929
CVE-2017-5929 – Logback deserialization issue: QOS.ch Logback up to 1.2.0 contains a serialization vulnerability in the SocketServer and ServerSocketReceiver paths. The RemoteStreamAppenderClient, SocketNode, and related classes deserialize data from a Java Socket via ObjectInputStream without v...
PT-2017-3933 · Qos.Ch · Logback
Name of the Vulnerable Software and Affected Versions: QOS.ch Logback versions prior to 1.2.0
Description: The issue is related to a serialization vulnerability affecting the SocketServer and ServerSocketReceiver components. This vulnerability allows an attacker to exploit the deserialization of...