
5 matches found

Tenable Nessus
added 2022/05/23 12:0 a.m. | 77 views

Oracle Linux 6 : log4j (ELSA-2022-9419)

The remote Oracle Linux 6 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2022-9419 advisory. - Fix CVE-2022-23302, CVE-2022-23305, CVE-2022-23307, CVE-2017-5645 Tenable has extracted the preceding description block directly from the Oracle Linu...

9.8 CVSS | 7.6 AI score | 0.93917 EPSS
Exploits 3 | References 5

Github Security Blog
added 2022/01/21 11:26 p.m. | 199 views

SQL Injection in Log4j 1.2.x

By design, the JDBCAppender in Log4j 1.2.x accepts an SQL statement as a configuration parameter where the values to be inserted are converters from PatternLayout. The message converter, %m, is likely to always be included. This allows attackers to manipulate the SQL by entering crafted strings...

9.8 CVSS | 2.7 AI score | 0.09452 EPSS
Exploits 1 | References 8 | Affected Software 2

Veracode
added 2022/01/19 12:47 p.m. | 78 views

SQL Injection

JDBCAppender in Log4j is vulnerable to SQL Injection. An attacker is able to execute arbitrary SQL commands via entering crafted strings into input fields and headers where the values to be inserted are converters from PatternLayout...

9.8 CVSS | 9.8 AI score | 0.09452 EPSS
Exploits 1 | References 6 | Affected Software 93

Cvelist
added 2022/01/18 3:25 p.m. | 33 views

CVE-2022-23305 SQL injection in JDBC Appender in Apache Log4j V1

By design, the JDBCAppender in Log4j 1.2.x accepts an SQL statement as a configuration parameter where the values to be inserted are converters from PatternLayout. The message converter, %m, is likely to always be included. This allows attackers to manipulate the SQL by entering crafted strings...

9.8 AI score | 0.09452 EPSS
Exploits 1 | References 6

Vulnrichment
added 2022/01/18 3:25 p.m. | 2 views

CVE-2022-23305 SQL injection in JDBC Appender in Apache Log4j V1

By design, the JDBCAppender in Log4j 1.2.x accepts an SQL statement as a configuration parameter where the values to be inserted are converters from PatternLayout. The message converter, %m, is likely to always be included. This allows attackers to manipulate the SQL by entering crafted strings...

7 AI score | 0.09452 EPSS
Exploits 1 | References 6