Lucene search
K

8 matches found

OSV
OSV
added 2026/04/10 4:16 p.m.8 views

UBUNTU-CVE-2026-34477

The fix for CVE-2025-68161 https://logging.apache.org/security.htmlCVE-2025-68161 was incomplete: it addressed hostname verification only when enabled via the log4j2.sslVerifyHostName https://logging.apache.org/log4j/2.x/manual/systemproperties.htmllog4j2.sslVerifyHostName system property, but no...

6.3CVSS5.8AI score0.00395EPSS
Exploits0References7
RedHat Linux
RedHat Linux
added 2022/02/10 5:26 p.m.4 views

log4j: improper validation of certificate with host mismatch in SMTP appender

Improper validation of certificate with host mismatch in Apache Log4j SMTP appender. This could allow an SMTPS connection to be intercepted by a man-in-the-middle attack which could leak any log messages sent through that appender. Fixed in Apache Log4j 2.12.3 and 2.13.1...

4.3CVSS6.7AI score0.08096EPSS
Exploits0References4
RedHat Linux
RedHat Linux
added 2021/03/30 4:31 p.m.3 views

log4j: improper validation of certificate with host mismatch in SMTP appender

Improper validation of certificate with host mismatch in Apache Log4j SMTP appender. This could allow an SMTPS connection to be intercepted by a man-in-the-middle attack which could leak any log messages sent through that appender. Fixed in Apache Log4j 2.12.3 and 2.13.1...

4.3CVSS6.7AI score0.08096EPSS
Exploits0References4
BDU FSTEC
BDU FSTEC
added 2020/07/31 12:0 a.m.3 views

The vulnerability in the implementation of the SmtpAppender class in the Log4j logging library allows a perpetrator to execute a type “man-in-the-middle” attack.

The vulnerability of the SmtpAppender class in the Log4j logging library is related to improper verification of certificate authenticity. Exploiting this vulnerability allows an attacker to execute a “man-in-the-middle” type attack remotely...

4.3CVSS6.7AI score0.08096EPSS
Exploits0References25Affected Software77
RedHat Linux
RedHat Linux
added 2020/06/17 5:38 p.m.3 views

log4j: improper validation of certificate with host mismatch in SMTP appender

Improper validation of certificate with host mismatch in Apache Log4j SMTP appender. This could allow an SMTPS connection to be intercepted by a man-in-the-middle attack which could leak any log messages sent through that appender. Fixed in Apache Log4j 2.12.3 and 2.13.1...

4.3CVSS6.7AI score0.08096EPSS
Exploits0References4
OSV
OSV
added 2020/06/05 2:15 p.m.6 views

GHSA-VWQQ-5VRC-XW9H Improper validation of certificate with host mismatch in Apache Log4j SMTP appender

Improper validation of certificate with host mismatch in Apache Log4j SMTP appender prior to version 2.13.2. This could allow an SMTPS connection to be intercepted by a man-in-the-middle attack which could leak any log messages sent through that appender...

3.7CVSS6.8AI score0.08096EPSS
Exploits0References89
CNVD
CNVD
added 2020/04/28 12:0 a.m.3 views

Apache Log4j Trust Management Issues Vulnerability

Apache Log4j is the United States Apache Apache Software Foundation of a Java-based open source logging tools. A security vulnerability exists in Apache Log4j that stems from SmtpAppender's failure to verify that the host name matches the SSL/TLS certificate of an SMTPS connection. An attacker ca...

4.3CVSS7.2AI score0.08096EPSS
Exploits0References1
OSV
OSV
added 2020/04/27 4:15 p.m.3 views

DEBIAN-CVE-2020-9488

Improper validation of certificate with host mismatch in Apache Log4j SMTP appender. This could allow an SMTPS connection to be intercepted by a man-in-the-middle attack which could leak any log messages sent through that appender. Fixed in Apache Log4j 2.12.3 and 2.13.1...

3.7CVSS6.4AI score0.08096EPSS
Exploits0References1
Rows per page
Query Builder