10 matches found
Linux Distros Unpatched Vulnerability : CVE-2017-5929
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - QOS.ch Logback before 1.2.0 has a serialization vulnerability affecting the SocketServer and ServerSocketReceiver components. CVE-2017-5929 Note that Nessus...
RHEL 6 : log4j (Unpatched Vulnerability)
The remote Redhat Enterprise Linux 6 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - log4j: Socket receiver deserialization vulnerability CVE-2017-5645 - Improper validation of certificate...
SUSE CVE-2017-5929
QOS.ch Logback before 1.2.0 has a serialization vulnerability affecting the SocketServer and ServerSocketReceiver components...
RHEL 6 : Red Hat JBoss Enterprise Application Platform (RHSA-2017:2809)
The remote Redhat Enterprise Linux 6 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2017:2809 advisory. Red Hat JBoss Enterprise Application Platform is a platform for Java applications based on the JBoss Application Server. This release of Red...
logback: Serialization vulnerability in SocketServer and ServerSocketReceiver
It was found that logback is vulnerable to a deserialization issue. Logback can be configured to allow remote logging through SocketServer/ServerSocketReceiver interfaces that can accept untrusted serialized data. Authenticated attackers on the adjacent network can leverage this vulnerability to...
logback: Serialization vulnerability in SocketServer and ServerSocketReceiver
It was found that logback is vulnerable to a deserialization issue. Logback can be configured to allow remote logging through SocketServer/ServerSocketReceiver interfaces that can accept untrusted serialized data. Authenticated attackers on the adjacent network can leverage this vulnerability to...
Apache Log4j socket receiver deserialization vulnerability (CVE-2017-5645)
Versions Affected: all versions from 2.0-alpha1 to 2.8.1 Description: When using the TCP socket server or UDP socket server to receive serialized log events from another application, a specially crafted binary payload can be sent that, when deserialized, can execute arbitrary code. Mitigation: Ja...
QOS.ch Logback SocketServer and ServerSocketReceiver Component Elevation of Privilege Vulnerability
QOS.ch Logback is a logging framework written in Java. SocketServer and ServerSocketReceiver are among the debugging modules. A security vulnerability exists in the SocketServer and ServerSocketReceiver components of QOS.ch Logback versions prior to 1.1.10. An attacker can exploit this...
DEBIAN-CVE-2017-5929
QOS.ch Logback before 1.2.0 has a serialization vulnerability affecting the SocketServer and ServerSocketReceiver components...
UBUNTU-CVE-2017-5929
QOS.ch Logback before 1.2.0 has a serialization vulnerability affecting the SocketServer and ServerSocketReceiver components...