8 matches found
UBUNTU-CVE-2026-34477
The fix for CVE-2025-68161 https://logging.apache.org/security.htmlCVE-2025-68161 was incomplete: it addressed hostname verification only when enabled via the log4j2.sslVerifyHostName https://logging.apache.org/log4j/2.x/manual/systemproperties.htmllog4j2.sslVerifyHostName system property, but no...
log4j: improper validation of certificate with host mismatch in SMTP appender
Improper validation of certificate with host mismatch in Apache Log4j SMTP appender. This could allow an SMTPS connection to be intercepted by a man-in-the-middle attack which could leak any log messages sent through that appender. Fixed in Apache Log4j 2.12.3 and 2.13.1...
log4j: improper validation of certificate with host mismatch in SMTP appender
Improper validation of certificate with host mismatch in Apache Log4j SMTP appender. This could allow an SMTPS connection to be intercepted by a man-in-the-middle attack which could leak any log messages sent through that appender. Fixed in Apache Log4j 2.12.3 and 2.13.1...
The vulnerability in the implementation of the SmtpAppender class in the Log4j logging library allows a perpetrator to execute a type “man-in-the-middle” attack.
The vulnerability of the SmtpAppender class in the Log4j logging library is related to improper verification of certificate authenticity. Exploiting this vulnerability allows an attacker to execute a “man-in-the-middle” type attack remotely...
log4j: improper validation of certificate with host mismatch in SMTP appender
Improper validation of certificate with host mismatch in Apache Log4j SMTP appender. This could allow an SMTPS connection to be intercepted by a man-in-the-middle attack which could leak any log messages sent through that appender. Fixed in Apache Log4j 2.12.3 and 2.13.1...
GHSA-VWQQ-5VRC-XW9H Improper validation of certificate with host mismatch in Apache Log4j SMTP appender
Improper validation of certificate with host mismatch in Apache Log4j SMTP appender prior to version 2.13.2. This could allow an SMTPS connection to be intercepted by a man-in-the-middle attack which could leak any log messages sent through that appender...
Apache Log4j Trust Management Issues Vulnerability
Apache Log4j is the United States Apache Apache Software Foundation of a Java-based open source logging tools. A security vulnerability exists in Apache Log4j that stems from SmtpAppender's failure to verify that the host name matches the SSL/TLS certificate of an SMTPS connection. An attacker ca...
DEBIAN-CVE-2020-9488
Improper validation of certificate with host mismatch in Apache Log4j SMTP appender. This could allow an SMTPS connection to be intercepted by a man-in-the-middle attack which could leak any log messages sent through that appender. Fixed in Apache Log4j 2.12.3 and 2.13.1...