ID CVE-2019-17571
Summary Included in Log4j 1.2 is a SocketServer class that is vulnerable to deserialization of untrusted data which can be exploited to remotely execute arbitrary code when combined with a deserialization gadget when listening to untrusted network traffic for log data. This affects Log4j versions up to 1.2 up to 1.2.17.
References
Vulnerable Configurations
  • cpe:2.3:a:apache:log4j:1.0.4:*:*:*:*:*:*:*
    cpe:2.3:a:apache:log4j:1.0.4:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:log4j:1.1.3:*:*:*:*:*:*:*
    cpe:2.3:a:apache:log4j:1.1.3:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:log4j:1.2:-:*:*:*:*:*:*
    cpe:2.3:a:apache:log4j:1.2:-:*:*:*:*:*:*
  • cpe:2.3:a:apache:log4j:1.2:beta4:*:*:*:*:*:*
    cpe:2.3:a:apache:log4j:1.2:beta4:*:*:*:*:*:*
  • cpe:2.3:a:apache:log4j:1.2:rc1:*:*:*:*:*:*
    cpe:2.3:a:apache:log4j:1.2:rc1:*:*:*:*:*:*
  • cpe:2.3:a:apache:log4j:1.2.1:*:*:*:*:*:*:*
    cpe:2.3:a:apache:log4j:1.2.1:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:log4j:1.2.2:*:*:*:*:*:*:*
    cpe:2.3:a:apache:log4j:1.2.2:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:log4j:1.2.3:*:*:*:*:*:*:*
    cpe:2.3:a:apache:log4j:1.2.3:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:log4j:1.2.4:*:*:*:*:*:*:*
    cpe:2.3:a:apache:log4j:1.2.4:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:log4j:1.2.5:*:*:*:*:*:*:*
    cpe:2.3:a:apache:log4j:1.2.5:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:log4j:1.2.6:*:*:*:*:*:*:*
    cpe:2.3:a:apache:log4j:1.2.6:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:log4j:1.2.7:*:*:*:*:*:*:*
    cpe:2.3:a:apache:log4j:1.2.7:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:log4j:1.2.8:*:*:*:*:*:*:*
    cpe:2.3:a:apache:log4j:1.2.8:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:log4j:1.2.9:*:*:*:*:*:*:*
    cpe:2.3:a:apache:log4j:1.2.9:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:log4j:1.2.10:*:*:*:*:*:*:*
    cpe:2.3:a:apache:log4j:1.2.10:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:log4j:1.2.11:*:*:*:*:*:*:*
    cpe:2.3:a:apache:log4j:1.2.11:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:log4j:1.2.12:*:*:*:*:*:*:*
    cpe:2.3:a:apache:log4j:1.2.12:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:log4j:1.2.13:*:*:*:*:*:*:*
    cpe:2.3:a:apache:log4j:1.2.13:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:log4j:1.2.14:*:*:*:*:*:*:*
    cpe:2.3:a:apache:log4j:1.2.14:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:log4j:1.2.15:*:*:*:*:*:*:*
    cpe:2.3:a:apache:log4j:1.2.15:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:log4j:1.2.16:*:*:*:*:*:*:*
    cpe:2.3:a:apache:log4j:1.2.16:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:log4j:1.2.17:*:*:*:*:*:*:*
    cpe:2.3:a:apache:log4j:1.2.17:*:*:*:*:*:*:*
  • cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*
    cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*
  • cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*
    cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*
  • cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*
    cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*
  • cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*
    cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*
  • cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*
    cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*
  • cpe:2.3:a:netapp:oncommand_workflow_automation:-:*:*:*:*:*:*:*
    cpe:2.3:a:netapp:oncommand_workflow_automation:-:*:*:*:*:*:*:*
  • cpe:2.3:a:netapp:oncommand_system_manager:3.0:*:*:*:*:*:*:*
    cpe:2.3:a:netapp:oncommand_system_manager:3.0:*:*:*:*:*:*:*
  • cpe:2.3:a:netapp:oncommand_system_manager:3.0.0:*:*:*:*:*:*:*
    cpe:2.3:a:netapp:oncommand_system_manager:3.0.0:*:*:*:*:*:*:*
  • cpe:2.3:a:netapp:oncommand_system_manager:3.1:*:*:*:*:*:*:*
    cpe:2.3:a:netapp:oncommand_system_manager:3.1:*:*:*:*:*:*:*
  • cpe:2.3:a:netapp:oncommand_system_manager:3.1.1:*:*:*:*:*:*:*
    cpe:2.3:a:netapp:oncommand_system_manager:3.1.1:*:*:*:*:*:*:*
  • cpe:2.3:a:netapp:oncommand_system_manager:3.1.2:*:*:*:*:*:*:*
    cpe:2.3:a:netapp:oncommand_system_manager:3.1.2:*:*:*:*:*:*:*
  • cpe:2.3:a:netapp:oncommand_system_manager:3.1.3:*:*:*:*:*:*:*
    cpe:2.3:a:netapp:oncommand_system_manager:3.1.3:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:retail_service_backbone:14.1:*:*:*:*:*:*:*
    cpe:2.3:a:oracle:retail_service_backbone:14.1:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:weblogic_server:12.1.3.0.0:*:*:*:*:*:*:*
    cpe:2.3:a:oracle:weblogic_server:12.1.3.0.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:retail_service_backbone:15.0:*:*:*:*:*:*:*
    cpe:2.3:a:oracle:retail_service_backbone:15.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:weblogic_server:10.3.6.0.0:*:*:*:*:*:*:*
    cpe:2.3:a:oracle:weblogic_server:10.3.6.0.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:weblogic_server:12.2.1.3.0:*:*:*:*:*:*:*
    cpe:2.3:a:oracle:weblogic_server:12.2.1.3.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:application_testing_suite:13.3.0.1:*:*:*:*:*:*:*
    cpe:2.3:a:oracle:application_testing_suite:13.3.0.1:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:endeca_information_discovery_studio:3.2.0:*:*:*:*:*:*:*
    cpe:2.3:a:oracle:endeca_information_discovery_studio:3.2.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:weblogic_server:12.2.1.4.0:*:*:*:*:*:*:*
    cpe:2.3:a:oracle:weblogic_server:12.2.1.4.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:weblogic_server:14.1.1.0.0:*:*:*:*:*:*:*
    cpe:2.3:a:oracle:weblogic_server:14.1.1.0.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:rapid_planning:12.1:*:*:*:*:*:*:*
    cpe:2.3:a:oracle:rapid_planning:12.1:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:rapid_planning:12.2:*:*:*:*:*:*:*
    cpe:2.3:a:oracle:rapid_planning:12.2:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:financial_services_lending_and_leasing:14.1.0:*:*:*:*:*:*:*
    cpe:2.3:a:oracle:financial_services_lending_and_leasing:14.1.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:financial_services_lending_and_leasing:14.2.0:*:*:*:*:*:*:*
    cpe:2.3:a:oracle:financial_services_lending_and_leasing:14.2.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:financial_services_lending_and_leasing:14.8.0:*:*:*:*:*:*:*
    cpe:2.3:a:oracle:financial_services_lending_and_leasing:14.8.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:financial_services_lending_and_leasing:12.5.0:*:*:*:*:*:*:*
    cpe:2.3:a:oracle:financial_services_lending_and_leasing:12.5.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:communications_network_integrity:7.3.2:*:*:*:*:*:*:*
    cpe:2.3:a:oracle:communications_network_integrity:7.3.2:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:communications_network_integrity:7.3.5:*:*:*:*:*:*:*
    cpe:2.3:a:oracle:communications_network_integrity:7.3.5:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:communications_network_integrity:7.3.6:*:*:*:*:*:*:*
    cpe:2.3:a:oracle:communications_network_integrity:7.3.6:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:primavera_gateway:16.2:*:*:*:*:*:*:*
    cpe:2.3:a:oracle:primavera_gateway:16.2:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:primavera_gateway:16.2.0:*:*:*:*:*:*:*
    cpe:2.3:a:oracle:primavera_gateway:16.2.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:primavera_gateway:16.2.11:*:*:*:*:*:*:*
    cpe:2.3:a:oracle:primavera_gateway:16.2.11:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:primavera_gateway:17.12.0:*:*:*:*:*:*:*
    cpe:2.3:a:oracle:primavera_gateway:17.12.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:primavera_gateway:17.12.6:*:*:*:*:*:*:*
    cpe:2.3:a:oracle:primavera_gateway:17.12.6:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:primavera_gateway:17.12.7:*:*:*:*:*:*:*
    cpe:2.3:a:oracle:primavera_gateway:17.12.7:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:retail_service_backbone:16.0:*:*:*:*:*:*:*
    cpe:2.3:a:oracle:retail_service_backbone:16.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:retail_extract_transform_and_load:19.0:*:*:*:*:*:*:*
    cpe:2.3:a:oracle:retail_extract_transform_and_load:19.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:mysql_enterprise_monitor:-:*:*:*:*:*:*:*
    cpe:2.3:a:oracle:mysql_enterprise_monitor:-:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:mysql_enterprise_monitor:2.3.14:*:*:*:*:*:*:*
    cpe:2.3:a:oracle:mysql_enterprise_monitor:2.3.14:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:mysql_enterprise_monitor:3.0.4:*:*:*:*:*:*:*
    cpe:2.3:a:oracle:mysql_enterprise_monitor:3.0.4:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:mysql_enterprise_monitor:3.0.25:*:*:*:*:*:*:*
    cpe:2.3:a:oracle:mysql_enterprise_monitor:3.0.25:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:mysql_enterprise_monitor:3.1.0:*:*:*:*:*:*:*
    cpe:2.3:a:oracle:mysql_enterprise_monitor:3.1.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:mysql_enterprise_monitor:3.1.1:*:*:*:*:*:*:*
    cpe:2.3:a:oracle:mysql_enterprise_monitor:3.1.1:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:mysql_enterprise_monitor:3.1.2:*:*:*:*:*:*:*
    cpe:2.3:a:oracle:mysql_enterprise_monitor:3.1.2:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:mysql_enterprise_monitor:3.1.3:*:*:*:*:*:*:*
    cpe:2.3:a:oracle:mysql_enterprise_monitor:3.1.3:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:mysql_enterprise_monitor:3.1.3.7856:*:*:*:*:*:*:*
    cpe:2.3:a:oracle:mysql_enterprise_monitor:3.1.3.7856:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:mysql_enterprise_monitor:3.1.4:*:*:*:*:*:*:*
    cpe:2.3:a:oracle:mysql_enterprise_monitor:3.1.4:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:mysql_enterprise_monitor:3.1.5:*:*:*:*:*:*:*
    cpe:2.3:a:oracle:mysql_enterprise_monitor:3.1.5:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:mysql_enterprise_monitor:3.1.6:*:*:*:*:*:*:*
    cpe:2.3:a:oracle:mysql_enterprise_monitor:3.1.6:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:mysql_enterprise_monitor:3.1.6.8003:*:*:*:*:*:*:*
    cpe:2.3:a:oracle:mysql_enterprise_monitor:3.1.6.8003:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:mysql_enterprise_monitor:3.1.7:*:*:*:*:*:*:*
    cpe:2.3:a:oracle:mysql_enterprise_monitor:3.1.7:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:mysql_enterprise_monitor:3.2.0:*:*:*:*:*:*:*
    cpe:2.3:a:oracle:mysql_enterprise_monitor:3.2.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:mysql_enterprise_monitor:3.2.1:*:*:*:*:*:*:*
    cpe:2.3:a:oracle:mysql_enterprise_monitor:3.2.1:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:mysql_enterprise_monitor:3.2.2:*:*:*:*:*:*:*
    cpe:2.3:a:oracle:mysql_enterprise_monitor:3.2.2:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:mysql_enterprise_monitor:3.2.3:*:*:*:*:*:*:*
    cpe:2.3:a:oracle:mysql_enterprise_monitor:3.2.3:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:mysql_enterprise_monitor:3.2.4:*:*:*:*:*:*:*
    cpe:2.3:a:oracle:mysql_enterprise_monitor:3.2.4:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:mysql_enterprise_monitor:3.2.5:*:*:*:*:*:*:*
    cpe:2.3:a:oracle:mysql_enterprise_monitor:3.2.5:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:mysql_enterprise_monitor:3.2.6:*:*:*:*:*:*:*
    cpe:2.3:a:oracle:mysql_enterprise_monitor:3.2.6:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:mysql_enterprise_monitor:3.2.7:*:*:*:*:*:*:*
    cpe:2.3:a:oracle:mysql_enterprise_monitor:3.2.7:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:mysql_enterprise_monitor:3.2.8:*:*:*:*:*:*:*
    cpe:2.3:a:oracle:mysql_enterprise_monitor:3.2.8:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:mysql_enterprise_monitor:3.2.8.2223:*:*:*:*:*:*:*
    cpe:2.3:a:oracle:mysql_enterprise_monitor:3.2.8.2223:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:mysql_enterprise_monitor:3.2.9:*:*:*:*:*:*:*
    cpe:2.3:a:oracle:mysql_enterprise_monitor:3.2.9:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:mysql_enterprise_monitor:3.2.10:*:*:*:*:*:*:*
    cpe:2.3:a:oracle:mysql_enterprise_monitor:3.2.10:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:mysql_enterprise_monitor:3.2.1182:*:*:*:*:*:*:*
    cpe:2.3:a:oracle:mysql_enterprise_monitor:3.2.1182:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:mysql_enterprise_monitor:3.3.0:*:*:*:*:*:*:*
    cpe:2.3:a:oracle:mysql_enterprise_monitor:3.3.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:mysql_enterprise_monitor:3.3.1:*:*:*:*:*:*:*
    cpe:2.3:a:oracle:mysql_enterprise_monitor:3.3.1:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:mysql_enterprise_monitor:3.3.2:*:*:*:*:*:*:*
    cpe:2.3:a:oracle:mysql_enterprise_monitor:3.3.2:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:mysql_enterprise_monitor:3.3.2.1162:*:*:*:*:*:*:*
    cpe:2.3:a:oracle:mysql_enterprise_monitor:3.3.2.1162:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:mysql_enterprise_monitor:3.3.3:*:*:*:*:*:*:*
    cpe:2.3:a:oracle:mysql_enterprise_monitor:3.3.3:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:mysql_enterprise_monitor:3.3.4:*:*:*:*:*:*:*
    cpe:2.3:a:oracle:mysql_enterprise_monitor:3.3.4:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:mysql_enterprise_monitor:3.3.4.3247:*:*:*:*:*:*:*
    cpe:2.3:a:oracle:mysql_enterprise_monitor:3.3.4.3247:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:mysql_enterprise_monitor:3.3.5:*:*:*:*:*:*:*
    cpe:2.3:a:oracle:mysql_enterprise_monitor:3.3.5:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:mysql_enterprise_monitor:3.3.6:*:*:*:*:*:*:*
    cpe:2.3:a:oracle:mysql_enterprise_monitor:3.3.6:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:mysql_enterprise_monitor:3.3.7:*:*:*:*:*:*:*
    cpe:2.3:a:oracle:mysql_enterprise_monitor:3.3.7:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:mysql_enterprise_monitor:3.3.8:*:*:*:*:*:*:*
    cpe:2.3:a:oracle:mysql_enterprise_monitor:3.3.8:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:mysql_enterprise_monitor:3.3.9:*:*:*:*:*:*:*
    cpe:2.3:a:oracle:mysql_enterprise_monitor:3.3.9:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:mysql_enterprise_monitor:3.4.0:*:*:*:*:*:*:*
    cpe:2.3:a:oracle:mysql_enterprise_monitor:3.4.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:mysql_enterprise_monitor:3.4.1:*:*:*:*:*:*:*
    cpe:2.3:a:oracle:mysql_enterprise_monitor:3.4.1:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:mysql_enterprise_monitor:3.4.2:*:*:*:*:*:*:*
    cpe:2.3:a:oracle:mysql_enterprise_monitor:3.4.2:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:mysql_enterprise_monitor:3.4.2.4181:*:*:*:*:*:*:*
    cpe:2.3:a:oracle:mysql_enterprise_monitor:3.4.2.4181:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:mysql_enterprise_monitor:3.4.3:*:*:*:*:*:*:*
    cpe:2.3:a:oracle:mysql_enterprise_monitor:3.4.3:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:mysql_enterprise_monitor:3.4.4:*:*:*:*:*:*:*
    cpe:2.3:a:oracle:mysql_enterprise_monitor:3.4.4:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:mysql_enterprise_monitor:3.4.5:*:*:*:*:*:*:*
    cpe:2.3:a:oracle:mysql_enterprise_monitor:3.4.5:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:mysql_enterprise_monitor:3.4.6:*:*:*:*:*:*:*
    cpe:2.3:a:oracle:mysql_enterprise_monitor:3.4.6:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:mysql_enterprise_monitor:3.4.7:*:*:*:*:*:*:*
    cpe:2.3:a:oracle:mysql_enterprise_monitor:3.4.7:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:mysql_enterprise_monitor:3.4.7.4297:*:*:*:*:*:*:*
    cpe:2.3:a:oracle:mysql_enterprise_monitor:3.4.7.4297:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:mysql_enterprise_monitor:3.4.8:*:*:*:*:*:*:*
    cpe:2.3:a:oracle:mysql_enterprise_monitor:3.4.8:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:mysql_enterprise_monitor:3.4.9:*:*:*:*:*:*:*
    cpe:2.3:a:oracle:mysql_enterprise_monitor:3.4.9:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:mysql_enterprise_monitor:3.4.9.4237:*:*:*:*:*:*:*
    cpe:2.3:a:oracle:mysql_enterprise_monitor:3.4.9.4237:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:mysql_enterprise_monitor:3.4.10:*:*:*:*:*:*:*
    cpe:2.3:a:oracle:mysql_enterprise_monitor:3.4.10:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:mysql_enterprise_monitor:4.0.0:*:*:*:*:*:*:*
    cpe:2.3:a:oracle:mysql_enterprise_monitor:4.0.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:mysql_enterprise_monitor:4.0.1:*:*:*:*:*:*:*
    cpe:2.3:a:oracle:mysql_enterprise_monitor:4.0.1:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:mysql_enterprise_monitor:4.0.2:*:*:*:*:*:*:*
    cpe:2.3:a:oracle:mysql_enterprise_monitor:4.0.2:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:mysql_enterprise_monitor:4.0.3:*:*:*:*:*:*:*
    cpe:2.3:a:oracle:mysql_enterprise_monitor:4.0.3:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:mysql_enterprise_monitor:4.0.4:*:*:*:*:*:*:*
    cpe:2.3:a:oracle:mysql_enterprise_monitor:4.0.4:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:mysql_enterprise_monitor:4.0.4.5235:*:*:*:*:*:*:*
    cpe:2.3:a:oracle:mysql_enterprise_monitor:4.0.4.5235:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:mysql_enterprise_monitor:4.0.5:*:*:*:*:*:*:*
    cpe:2.3:a:oracle:mysql_enterprise_monitor:4.0.5:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:mysql_enterprise_monitor:4.0.6:*:*:*:*:*:*:*
    cpe:2.3:a:oracle:mysql_enterprise_monitor:4.0.6:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:mysql_enterprise_monitor:4.0.6.5281:*:*:*:*:*:*:*
    cpe:2.3:a:oracle:mysql_enterprise_monitor:4.0.6.5281:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:mysql_enterprise_monitor:4.0.7:*:*:*:*:*:*:*
    cpe:2.3:a:oracle:mysql_enterprise_monitor:4.0.7:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:mysql_enterprise_monitor:4.0.8:*:*:*:*:*:*:*
    cpe:2.3:a:oracle:mysql_enterprise_monitor:4.0.8:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:mysql_enterprise_monitor:4.0.11.5331:*:*:*:*:*:*:*
    cpe:2.3:a:oracle:mysql_enterprise_monitor:4.0.11.5331:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:mysql_enterprise_monitor:4.0.12:*:*:*:*:*:*:*
    cpe:2.3:a:oracle:mysql_enterprise_monitor:4.0.12:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:mysql_enterprise_monitor:4.1:*:*:*:*:*:*:*
    cpe:2.3:a:oracle:mysql_enterprise_monitor:4.1:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:mysql_enterprise_monitor:8.0.0:*:*:*:*:*:*:*
    cpe:2.3:a:oracle:mysql_enterprise_monitor:8.0.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:mysql_enterprise_monitor:8.0.0.8131:*:*:*:*:*:*:*
    cpe:2.3:a:oracle:mysql_enterprise_monitor:8.0.0.8131:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:mysql_enterprise_monitor:8.0.1:*:*:*:*:*:*:*
    cpe:2.3:a:oracle:mysql_enterprise_monitor:8.0.1:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:mysql_enterprise_monitor:8.0.2:*:*:*:*:*:*:*
    cpe:2.3:a:oracle:mysql_enterprise_monitor:8.0.2:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:mysql_enterprise_monitor:8.0.2.8191:*:*:*:*:*:*:*
    cpe:2.3:a:oracle:mysql_enterprise_monitor:8.0.2.8191:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:mysql_enterprise_monitor:8.0.3:*:*:*:*:*:*:*
    cpe:2.3:a:oracle:mysql_enterprise_monitor:8.0.3:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:mysql_enterprise_monitor:8.0.14:*:*:*:*:*:*:*
    cpe:2.3:a:oracle:mysql_enterprise_monitor:8.0.14:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:mysql_enterprise_monitor:8.0.18.1217:*:*:*:*:*:*:*
    cpe:2.3:a:oracle:mysql_enterprise_monitor:8.0.18.1217:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:mysql_enterprise_monitor:8.0.20:*:*:*:*:*:*:*
    cpe:2.3:a:oracle:mysql_enterprise_monitor:8.0.20:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:mysql_enterprise_monitor:8.0.21:*:*:*:*:*:*:*
    cpe:2.3:a:oracle:mysql_enterprise_monitor:8.0.21:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:mysql_enterprise_monitor:8.0.22:*:*:*:*:*:*:*
    cpe:2.3:a:oracle:mysql_enterprise_monitor:8.0.22:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:mysql_enterprise_monitor:8.0.23:*:*:*:*:*:*:*
    cpe:2.3:a:oracle:mysql_enterprise_monitor:8.0.23:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:mysql_enterprise_monitor:8.0.25:*:*:*:*:*:*:*
    cpe:2.3:a:oracle:mysql_enterprise_monitor:8.0.25:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:mysql_enterprise_monitor:8.0.29:*:*:*:*:*:*:*
    cpe:2.3:a:oracle:mysql_enterprise_monitor:8.0.29:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:bookkeeper:-:*:*:*:*:*:*:*
    cpe:2.3:a:apache:bookkeeper:-:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:bookkeeper:4.0.0:*:*:*:*:*:*:*
    cpe:2.3:a:apache:bookkeeper:4.0.0:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:bookkeeper:4.1.0:*:*:*:*:*:*:*
    cpe:2.3:a:apache:bookkeeper:4.1.0:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:bookkeeper:4.2.0:*:*:*:*:*:*:*
    cpe:2.3:a:apache:bookkeeper:4.2.0:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:bookkeeper:4.2.1:*:*:*:*:*:*:*
    cpe:2.3:a:apache:bookkeeper:4.2.1:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:bookkeeper:4.2.3:*:*:*:*:*:*:*
    cpe:2.3:a:apache:bookkeeper:4.2.3:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:bookkeeper:4.2.4:*:*:*:*:*:*:*
    cpe:2.3:a:apache:bookkeeper:4.2.4:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:bookkeeper:4.3.0:*:*:*:*:*:*:*
    cpe:2.3:a:apache:bookkeeper:4.3.0:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:bookkeeper:4.3.1:*:*:*:*:*:*:*
    cpe:2.3:a:apache:bookkeeper:4.3.1:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:bookkeeper:4.3.2:*:*:*:*:*:*:*
    cpe:2.3:a:apache:bookkeeper:4.3.2:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:bookkeeper:4.4.0:*:*:*:*:*:*:*
    cpe:2.3:a:apache:bookkeeper:4.4.0:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:bookkeeper:4.5.0:*:*:*:*:*:*:*
    cpe:2.3:a:apache:bookkeeper:4.5.0:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:bookkeeper:4.5.1:*:*:*:*:*:*:*
    cpe:2.3:a:apache:bookkeeper:4.5.1:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:bookkeeper:4.6.0:*:*:*:*:*:*:*
    cpe:2.3:a:apache:bookkeeper:4.6.0:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:bookkeeper:4.6.1:*:*:*:*:*:*:*
    cpe:2.3:a:apache:bookkeeper:4.6.1:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:bookkeeper:4.6.2:*:*:*:*:*:*:*
    cpe:2.3:a:apache:bookkeeper:4.6.2:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:bookkeeper:4.7.0:*:*:*:*:*:*:*
    cpe:2.3:a:apache:bookkeeper:4.7.0:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:bookkeeper:4.7.1:*:*:*:*:*:*:*
    cpe:2.3:a:apache:bookkeeper:4.7.1:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:bookkeeper:4.7.2:*:*:*:*:*:*:*
    cpe:2.3:a:apache:bookkeeper:4.7.2:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:bookkeeper:4.7.3:*:*:*:*:*:*:*
    cpe:2.3:a:apache:bookkeeper:4.7.3:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:bookkeeper:4.8.0:*:*:*:*:*:*:*
    cpe:2.3:a:apache:bookkeeper:4.8.0:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:bookkeeper:4.8.1:*:*:*:*:*:*:*
    cpe:2.3:a:apache:bookkeeper:4.8.1:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:bookkeeper:4.8.2:*:*:*:*:*:*:*
    cpe:2.3:a:apache:bookkeeper:4.8.2:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:bookkeeper:4.9.0:*:*:*:*:*:*:*
    cpe:2.3:a:apache:bookkeeper:4.9.0:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:bookkeeper:4.9.1:*:*:*:*:*:*:*
    cpe:2.3:a:apache:bookkeeper:4.9.1:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:bookkeeper:4.9.2:*:*:*:*:*:*:*
    cpe:2.3:a:apache:bookkeeper:4.9.2:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:bookkeeper:4.10.0:*:*:*:*:*:*:*
    cpe:2.3:a:apache:bookkeeper:4.10.0:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:bookkeeper:4.11.0:*:*:*:*:*:*:*
    cpe:2.3:a:apache:bookkeeper:4.11.0:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:bookkeeper:4.11.1:*:*:*:*:*:*:*
    cpe:2.3:a:apache:bookkeeper:4.11.1:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:bookkeeper:4.12.0:*:*:*:*:*:*:*
    cpe:2.3:a:apache:bookkeeper:4.12.0:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:bookkeeper:4.12.1:*:*:*:*:*:*:*
    cpe:2.3:a:apache:bookkeeper:4.12.1:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:bookkeeper:4.13.0:*:*:*:*:*:*:*
    cpe:2.3:a:apache:bookkeeper:4.13.0:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:bookkeeper:4.14.0:*:*:*:*:*:*:*
    cpe:2.3:a:apache:bookkeeper:4.14.0:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:bookkeeper:4.14.1:*:*:*:*:*:*:*
    cpe:2.3:a:apache:bookkeeper:4.14.1:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:bookkeeper:4.14.2:*:*:*:*:*:*:*
    cpe:2.3:a:apache:bookkeeper:4.14.2:*:*:*:*:*:*:*
CVSS
Base: 7.5 (as of 14-12-2022 - 17:50)
Impact:
Exploitability:
CWE CWE-502
CAPEC
  • Object Injection
    An adversary attempts to exploit an application by injecting additional, malicious content during its processing of serialized objects. Developers leverage serialization in order to convert data or state into a static, binary format for saving to disk or transferring over a network. These objects are then deserialized when needed to recover the data/state. By injecting a malformed object into a vulnerable application, an adversary can potentially compromise the application by manipulating the deserialization process. This can result in a number of unwanted outcomes, including remote code execution.
Access
VectorComplexityAuthentication
NETWORK LOW NONE
Impact
ConfidentialityIntegrityAvailability
PARTIAL PARTIAL PARTIAL
cvss-vector via4 AV:N/AC:L/Au:N/C:P/I:P/A:P
redhat via4
advisories
bugzilla
id 1443635
title CVE-2017-5645 log4j: Socket receiver deserialization vulnerability
oval
OR
  • comment Red Hat Enterprise Linux must be installed
    oval oval:com.redhat.rhba:tst:20070304026
  • AND
    • comment Red Hat Enterprise Linux 7 is installed
      oval oval:com.redhat.rhba:tst:20150364027
    • OR
      • AND
        • comment log4j is earlier than 0:1.2.17-16.el7_4
          oval oval:com.redhat.rhsa:tst:20172423001
        • comment log4j is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20172423002
      • AND
        • comment log4j-javadoc is earlier than 0:1.2.17-16.el7_4
          oval oval:com.redhat.rhsa:tst:20172423003
        • comment log4j-javadoc is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20172423004
      • AND
        • comment log4j-manual is earlier than 0:1.2.17-16.el7_4
          oval oval:com.redhat.rhsa:tst:20172423005
        • comment log4j-manual is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20172423006
rhsa
id RHSA-2017:2423
released 2017-08-07
severity Important
title RHSA-2017:2423: log4j security update (Important)
rpms
  • log4j-eap6-0:1.2.16-12.redhat_3.1.ep6.el6
  • log4j-eap6-0:1.2.16-12.redhat_3.1.ep6.el7
  • tomcat-native-0:1.2.8-10.redhat_10.ep7.el6
  • tomcat-native-0:1.2.8-10.redhat_10.ep7.el7
  • tomcat-native-debuginfo-0:1.2.8-10.redhat_10.ep7.el6
  • tomcat-native-debuginfo-0:1.2.8-10.redhat_10.ep7.el7
  • tomcat7-0:7.0.70-22.ep7.el6
  • tomcat7-0:7.0.70-22.ep7.el7
  • tomcat7-admin-webapps-0:7.0.70-22.ep7.el6
  • tomcat7-admin-webapps-0:7.0.70-22.ep7.el7
  • tomcat7-docs-webapp-0:7.0.70-22.ep7.el6
  • tomcat7-docs-webapp-0:7.0.70-22.ep7.el7
  • tomcat7-el-2.2-api-0:7.0.70-22.ep7.el6
  • tomcat7-el-2.2-api-0:7.0.70-22.ep7.el7
  • tomcat7-javadoc-0:7.0.70-22.ep7.el6
  • tomcat7-javadoc-0:7.0.70-22.ep7.el7
  • tomcat7-jsp-2.2-api-0:7.0.70-22.ep7.el6
  • tomcat7-jsp-2.2-api-0:7.0.70-22.ep7.el7
  • tomcat7-jsvc-0:7.0.70-22.ep7.el6
  • tomcat7-jsvc-0:7.0.70-22.ep7.el7
  • tomcat7-lib-0:7.0.70-22.ep7.el6
  • tomcat7-lib-0:7.0.70-22.ep7.el7
  • tomcat7-log4j-0:7.0.70-22.ep7.el6
  • tomcat7-log4j-0:7.0.70-22.ep7.el7
  • tomcat7-selinux-0:7.0.70-22.ep7.el6
  • tomcat7-selinux-0:7.0.70-22.ep7.el7
  • tomcat7-servlet-3.0-api-0:7.0.70-22.ep7.el6
  • tomcat7-servlet-3.0-api-0:7.0.70-22.ep7.el7
  • tomcat7-webapps-0:7.0.70-22.ep7.el6
  • tomcat7-webapps-0:7.0.70-22.ep7.el7
  • tomcat8-0:8.0.36-24.ep7.el6
  • tomcat8-0:8.0.36-24.ep7.el7
  • tomcat8-admin-webapps-0:8.0.36-24.ep7.el6
  • tomcat8-admin-webapps-0:8.0.36-24.ep7.el7
  • tomcat8-docs-webapp-0:8.0.36-24.ep7.el6
  • tomcat8-docs-webapp-0:8.0.36-24.ep7.el7
  • tomcat8-el-2.2-api-0:8.0.36-24.ep7.el6
  • tomcat8-el-2.2-api-0:8.0.36-24.ep7.el7
  • tomcat8-javadoc-0:8.0.36-24.ep7.el6
  • tomcat8-javadoc-0:8.0.36-24.ep7.el7
  • tomcat8-jsp-2.3-api-0:8.0.36-24.ep7.el6
  • tomcat8-jsp-2.3-api-0:8.0.36-24.ep7.el7
  • tomcat8-jsvc-0:8.0.36-24.ep7.el6
  • tomcat8-jsvc-0:8.0.36-24.ep7.el7
  • tomcat8-lib-0:8.0.36-24.ep7.el6
  • tomcat8-lib-0:8.0.36-24.ep7.el7
  • tomcat8-log4j-0:8.0.36-24.ep7.el6
  • tomcat8-log4j-0:8.0.36-24.ep7.el7
  • tomcat8-selinux-0:8.0.36-24.ep7.el6
  • tomcat8-selinux-0:8.0.36-24.ep7.el7
  • tomcat8-servlet-3.1-api-0:8.0.36-24.ep7.el6
  • tomcat8-servlet-3.1-api-0:8.0.36-24.ep7.el7
  • tomcat8-webapps-0:8.0.36-24.ep7.el6
  • tomcat8-webapps-0:8.0.36-24.ep7.el7
  • log4j-0:1.2.17-16.el7_4
  • log4j-javadoc-0:1.2.17-16.el7_4
  • log4j-manual-0:1.2.17-16.el7_4
  • jboss-ec2-eap-0:7.5.17-1.Final_redhat_4.ep6.el6
  • jboss-ec2-eap-samples-0:7.5.17-1.Final_redhat_4.ep6.el6
  • eap7-jboss-ec2-eap-0:7.0.8-1.GA_redhat_1.ep7.el6
  • eap7-jboss-ec2-eap-0:7.0.8-1.GA_redhat_1.ep7.el7
  • eap7-jboss-ec2-eap-samples-0:7.0.8-1.GA_redhat_1.ep7.el6
  • eap7-jboss-ec2-eap-samples-0:7.0.8-1.GA_redhat_1.ep7.el7
  • log4j-0:1.2.14-19.patch_01.ep5.el5
  • log4j-0:1.2.14-19.patch_01.ep5.el6
refmap via4
confirm
debian DSA-4686
misc
mlist
  • [activemq-issues] 20191226 [jira] [Created] (AMQ-7370) log4j 1.2 version used by AMQ 5.15.10 / 5.15.11 is vulnerable to CVE-2019-17571
  • [activemq-issues] 20191230 [jira] [Created] (AMQ-7372) [9.8] [CVE-2019-17571] [activemq-all] [5.15.10]
  • [activemq-issues] 20200122 [jira] [Assigned] (AMQ-7370) log4j 1.2 version used by AMQ 5.15.10 / 5.15.11 is vulnerable to CVE-2019-17571
  • [activemq-issues] 20200122 [jira] [Assigned] (AMQ-7372) [9.8] [CVE-2019-17571] [activemq-all] [5.15.10]
  • [activemq-issues] 20200122 [jira] [Resolved] (AMQ-7372) [9.8] [CVE-2019-17571] [activemq-all] [5.15.10]
  • [activemq-issues] 20200122 [jira] [Updated] (AMQ-7370) log4j 1.2 version used by AMQ 5.15.10 / 5.15.11 is vulnerable to CVE-2019-17571
  • [activemq-issues] 20200122 [jira] [Updated] (AMQ-7372) [9.8] [CVE-2019-17571] [activemq-all] [5.15.10]
  • [activemq-issues] 20200127 [jira] [Commented] (AMQ-7370) log4j 1.2 version used by AMQ 5.15.10 / 5.15.11 is vulnerable to CVE-2019-17571
  • [activemq-issues] 20200208 [jira] [Commented] (AMQ-7370) log4j 1.2 version used by AMQ 5.15.10 / 5.15.11 is vulnerable to CVE-2019-17571
  • [activemq-issues] 20200228 [jira] [Commented] (AMQ-7370) log4j 1.2 version used by AMQ 5.15.10 / 5.15.11 is vulnerable to CVE-2019-17571
  • [activemq-issues] 20200228 [jira] [Resolved] (AMQ-7370) log4j 1.2 version used by AMQ 5.15.10 / 5.15.11 is vulnerable to CVE-2019-17571
  • [activemq-issues] 20200228 [jira] [Updated] (AMQ-7370) log4j 1.2 version used by AMQ 5.15.10 / 5.15.11 is vulnerable to CVE-2019-17571
  • [activemq-issues] 20200730 [jira] [Commented] (AMQ-7370) log4j 1.2 version used by AMQ 5.15.10 / 5.15.11 is vulnerable to CVE-2019-17571
  • [bookkeeper-issues] 20200729 [GitHub] [bookkeeper] padma81 opened a new issue #2387: Security vulnerabilities in the apache/bookkeeper-4.9.2 image
  • [debian-lts-announce] 20200112 [SECURITY] [DLA 2065-1] apache-log4j1.2 security update
  • [druid-commits] 20200406 [GitHub] [druid] ccaominh commented on issue #9579: Add Apache Ranger Authorization
  • [hadoop-common-dev] 20200824 [jira] [Created] (HADOOP-17221) Upgrade log4j-1.2.17 to atlassian ( To Adress: CVE-2019-17571)
  • [hadoop-common-issues] 20200824 [jira] [Assigned] (HADOOP-17221) Upgrade log4j-1.2.17 to atlassian ( To Adress: CVE-2019-17571)
  • [hadoop-common-issues] 20200824 [jira] [Comment Edited] (HADOOP-17221) update log4j-1.2.17 to atlassian version( To Address: CVE-2019-17571)
  • [hadoop-common-issues] 20200824 [jira] [Comment Edited] (HADOOP-17221) update log4j-1.2.17 to atlassian version( To Adress: CVE-2019-17571)
  • [hadoop-common-issues] 20200824 [jira] [Commented] (HADOOP-17221) Upgrade log4j-1.2.17 to atlassian ( To Adress: CVE-2019-17571)
  • [hadoop-common-issues] 20200824 [jira] [Commented] (HADOOP-17221) update log4j-1.2.17 to atlassian version( To Address: CVE-2019-17571)
  • [hadoop-common-issues] 20200824 [jira] [Created] (HADOOP-17221) Upgrade log4j-1.2.17 to atlassian ( To Adress: CVE-2019-17571)
  • [hadoop-common-issues] 20200824 [jira] [Updated] (HADOOP-17221) update log4j-1.2.17 to atlassian version( To Address: CVE-2019-17571)
  • [hadoop-common-issues] 20200824 [jira] [Updated] (HADOOP-17221) update log4j-1.2.17 to atlassian version( To Adress: CVE-2019-17571)
  • [jena-dev] 20200318 Re: Logging (JENA-1005)
  • [kafka-dev] 20200105 [jira] [Created] (KAFKA-9366) please consider upgrade log4j to log4j2 due to critical security problem CVE-2019-17571
  • [kafka-jira] 20200105 [jira] [Created] (KAFKA-9366) please consider upgrade log4j to log4j2 due to critical security problem CVE-2019-17571
  • [kafka-jira] 20200105 [jira] [Updated] (KAFKA-9366) please consider upgrade log4j to log4j2 due to critical security problem CVE-2019-17571
  • [kafka-jira] 20200106 [jira] [Assigned] (KAFKA-9366) please consider upgrade log4j to log4j2 due to critical security problem CVE-2019-17571
  • [kafka-jira] 20200106 [jira] [Commented] (KAFKA-9366) please consider upgrade log4j to log4j2 due to critical security problem CVE-2019-17571
  • [kafka-jira] 20200107 [jira] [Updated] (KAFKA-9366) please consider upgrade log4j to log4j2 due to critical security problem CVE-2019-17571
  • [kafka-jira] 20200514 [GitHub] [kafka] jeffhuang26 commented on pull request #7898: KAFKA-9366: please consider upgrade log4j to log4j2 due to critical security problem CVE-2019-17571
  • [kafka-jira] 20200529 [GitHub] [kafka] ijuma commented on pull request #7898: KAFKA-9366: please consider upgrade log4j to log4j2 due to critical security problem CVE-2019-17571
  • [kafka-jira] 20200602 [GitHub] [kafka] dongjinleekr commented on pull request #7898: KAFKA-9366: please consider upgrade log4j to log4j2 due to critical security problem CVE-2019-17571
  • [kafka-jira] 20200624 [GitHub] [kafka] dongjinleekr commented on pull request #7898: KAFKA-9366: please consider upgrade log4j to log4j2 due to critical security problem CVE-2019-17571
  • [kafka-jira] 20200625 [GitHub] [kafka] dongjinleekr commented on pull request #7898: KAFKA-9366: please consider upgrade log4j to log4j2 due to critical security problem CVE-2019-17571
  • [logging-log4j-user] 20200224 Apache Log4j - Migration activity to 2.12.1 version - Request to support for the queries posted
  • [pulsar-commits] 20201215 [GitHub] [pulsar] yanshuchong opened a new issue #8967: CVSS issue list
  • [tika-dev] 20191226 [jira] [Commented] (TIKA-3018) log4j 1.2 version used by Apache Tika 1.23 is vulnerable to CVE-2019-17571
  • [tika-dev] 20191226 [jira] [Created] (TIKA-3018) log4j 1.2 version used by Apache Tika 1.23 is vulnerable to CVE-2019-17571
  • [tika-dev] 20191230 [jira] [Created] (TIKA-3019) [9.8] [CVE-2019-17571] [tika-app] [1.23]
  • [tika-dev] 20200106 [jira] [Commented] (TIKA-3019) [9.8] [CVE-2019-17571] [tika-app] [1.23]
  • [tika-dev] 20200107 [jira] [Commented] (TIKA-3019) [9.8] [CVE-2019-17571] [tika-app] [1.23]
  • [tika-dev] 20200108 [jira] [Commented] (TIKA-3019) [9.8] [CVE-2019-17571] [tika-app] [1.23]
  • [tika-dev] 20200110 [jira] [Commented] (TIKA-3019) [9.8] [CVE-2019-17571] [tika-app] [1.23]
  • [tika-dev] 20200111 Re: [jira] [Commented] (TIKA-3018) log4j 1.2 version used by Apache Tika 1.23 is vulnerable to CVE-2019-17571
  • [tika-dev] 20200111 [jira] [Closed] (TIKA-3018) log4j 1.2 version used by Apache Tika 1.23 is vulnerable to CVE-2019-17571
  • [tika-dev] 20200111 [jira] [Resolved] (TIKA-3018) log4j 1.2 version used by Apache Tika 1.23 is vulnerable to CVE-2019-17571
  • [tika-dev] 20200114 [jira] [Commented] (TIKA-3019) [9.8] [CVE-2019-17571] [tika-app] [1.23]
  • [tika-dev] 20200115 [jira] [Commented] (TIKA-3019) [9.8] [CVE-2019-17571] [tika-app] [1.23]
  • [zookeeper-commits] 20200118 [zookeeper] branch branch-3.5 updated: ZOOKEEPER-3677: owasp checker failing for - CVE-2019-17571 Apache Log4j 1.2 deserialization of untrusted data in SocketServer
  • [zookeeper-commits] 20200118 [zookeeper] branch branch-3.6 updated: ZOOKEEPER-3677: owasp checker failing for - CVE-2019-17571 Apache Log4j 1.2 deserialization of untrusted data in SocketServer
  • [zookeeper-commits] 20200118 [zookeeper] branch master updated: ZOOKEEPER-3677: owasp checker failing for - CVE-2019-17571 Apache Log4j 1.2 deserialization of untrusted data in SocketServer
  • [zookeeper-commits] 20200504 [zookeeper] branch branch-3.5 updated: ZOOKEEPER-3817: suppress log4j SmtpAppender related CVE-2020-9488
  • [zookeeper-commits] 20200504 [zookeeper] branch branch-3.6 updated: ZOOKEEPER-3817: suppress log4j SmtpAppender related CVE-2020-9488
  • [zookeeper-commits] 20200504 [zookeeper] branch master updated: ZOOKEEPER-3817: suppress log4j SmtpAppender related CVE-2020-9488
  • [zookeeper-dev] 20200107 [jira] [Created] (ZOOKEEPER-3677) owasp checker failing for - CVE-2019-17571 Apache Log4j 1.2 deserialization of untrusted data in SocketServer
  • [zookeeper-dev] 20200118 Build failed in Jenkins: zookeeper-master-maven-owasp #329
  • [zookeeper-dev] 20201103 [jira] [Created] (ZOOKEEPER-3990) Log4j 1.2.17 used by zookeeper 3.6.1 is vulnerable to CVE-2019-17571
  • [zookeeper-issues] 20200107 [jira] [Commented] (ZOOKEEPER-3677) owasp checker failing for - CVE-2019-17571 Apache Log4j 1.2 deserialization of untrusted data in SocketServer
  • [zookeeper-issues] 20200107 [jira] [Created] (ZOOKEEPER-3677) owasp checker failing for - CVE-2019-17571 Apache Log4j 1.2 deserialization of untrusted data in SocketServer
  • [zookeeper-issues] 20200108 [jira] [Assigned] (ZOOKEEPER-3677) owasp checker failing for - CVE-2019-17571 Apache Log4j 1.2 deserialization of untrusted data in SocketServer
  • [zookeeper-issues] 20200108 [jira] [Commented] (ZOOKEEPER-3677) owasp checker failing for - CVE-2019-17571 Apache Log4j 1.2 deserialization of untrusted data in SocketServer
  • [zookeeper-issues] 20200108 [jira] [Updated] (ZOOKEEPER-3677) owasp checker failing for - CVE-2019-17571 Apache Log4j 1.2 deserialization of untrusted data in SocketServer
  • [zookeeper-issues] 20200118 [jira] [Resolved] (ZOOKEEPER-3677) owasp checker failing for - CVE-2019-17571 Apache Log4j 1.2 deserialization of untrusted data in SocketServer
  • [zookeeper-issues] 20200129 [jira] [Updated] (ZOOKEEPER-3677) owasp checker failing for - CVE-2019-17571 Apache Log4j 1.2 deserialization of untrusted data in SocketServer
  • [zookeeper-issues] 20201103 [jira] [Created] (ZOOKEEPER-3990) Log4j 1.2.17 used by zookeeper 3.6.1 is vulnerable to CVE-2019-17571
  • [zookeeper-issues] 20201103 [jira] [Resolved] (ZOOKEEPER-3990) Log4j 1.2.17 used by zookeeper 3.6.1 is vulnerable to CVE-2019-17571
  • [zookeeper-notifications] 20200108 [GitHub] [zookeeper] eolivelli opened a new pull request #1209: ZOOKEEPER-3677 owasp checker failing for - CVE-2019-17571 Apache Log4j 1.2 deserialization of untrusted data in SocketServer
  • [zookeeper-notifications] 20200118 [GitHub] [zookeeper] asfgit closed pull request #1209: ZOOKEEPER-3677 owasp checker failing for - CVE-2019-17571 Apache Log4j 1.2 deserialization of untrusted data in SocketServer
  • [zookeeper-user] 20200201 Re: Zookeeper 3.5.6 supports log4j 2.x?
suse openSUSE-SU-2020:0051
ubuntu USN-4495-1
Last major update 14-12-2022 - 17:50
Published 20-12-2019 - 17:15
Last modified 14-12-2022 - 17:50
Back to Top