Lucene search
K
QosLogback

4 matches found

CVE
CVE
added 2023/11/29 12:2 p.m.532 views

CVE-2023-6378

CVE-2023-6378 involves a serialization vulnerability in the logback receiver component of logback version 1.4.11 that allows an attacker to mount a Denial-of-Service by sending poisoned data. The published entries consistently describe a DoS impact without other confidentiality or integrity effec...

7.5CVSS7.2AI score0.009EPSS
CVE
CVE
added 2023/12/04 8:35 a.m.457 views

CVE-2023-6481

CVE-2023-6481 concerns the logback receiver component in logback, affected in versions 1.4.13, 1.3.13, and 1.2.12. It describes a serialization vulnerability that enables a Denial-of-Service attack when poisoned data is received. The connected documents corroborate a DoS impact and reference mult...

7.5CVSS7AI score0.00682EPSS
CVE
CVE
added 2021/12/16 12:0 a.m.322 views

CVE-2021-42550

This CVE affects Logback 1.2.7 and earlier, where an attacker with write access to configuration files can craft a malicious configuration that loads and executes arbitrary code from LDAP servers. The impact is remote code execution with the attacker’s privileges on systems using vulnerable Logba...

8.5CVSS7AI score0.04439EPSS
CVE
CVE
added 2017/03/13 6:14 a.m.240 views

CVE-2017-5929

CVE-2017-5929 – Logback deserialization issue : QOS.ch Logback up to 1.2.0 contains a serialization vulnerability in the SocketServer and ServerSocketReceiver paths. The RemoteStreamAppenderClient, SocketNode, and related classes deserialize data from a Java Socket via ObjectInputStream without v...

9.8CVSS9.2AI score0.07501EPSS