Advisory ROSA-SA-2021-1909

Software: log4j 1.2.17 OS: Cobalt 7.9 CVE-ID: CVE-2019-17571 CVE-Crit: CRITICAL CVE-DESC: Log4j 1.2 includes a SocketServer class vulnerable to unreliable data deserialization, which can be used to remotely execute arbitrary code in conjunction with a deserialization gadget while listening to...

[SECURITY] [DSA 4686-1] apache-log4j1.2 security update

------------------------------------------------------------------------- Debian Security Advisory DSA-4686-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso May 16, 2020 https://www.debian.org/security/faq -...

Debian DLA-2065-1 : apache-log4j1.2 security update

Included in Log4j 1.2, a logging library for Java, is a SocketServer class that is vulnerable to deserialization of untrusted data which can be exploited to remotely execute arbitrary code when combined with a deserialization gadget when listening to untrusted network traffic for log data. For...

CVE-2019-17571

CVE-2019-17571 affects the Apache Log4j 1.x SocketServer: it deserializes serialized log events from untrusted network input without proper whitelisting, enabling remote code execution when combined with a deserialization gadget. Affected are Log4j 1.2 up to 1.2.17; exploitation hinges on receivi...

PT-2019-5314

Name of the Vulnerable Software and Affected Versions Log4j versions 1.2 up to 1.2.17 Description The issue is related to the deserialization of untrusted data in the SocketServer class of Log4j 1.2, which can be exploited to remotely execute arbitrary code when combined with a deserialization...