CVE-2019-17571 - Included in Log4j 1.2 is a SocketServer class that is vulnerable to deserialization of untrusted dat

CVE-2019-17571

Summary

Included in Log4j 1.2 is a SocketServer class that is vulnerable to deserialization of untrusted data which can be exploited to remotely execute arbitrary code when combined with a deserialization gadget when listening to untrusted network traffic for log data. This affects Log4j versions up to 1.2 up to 1.2.17.

References

Vulnerable Configurations

cpe:2.3:a:apache:log4j:1.0.4:*:*:*:*:*:*:*
cpe:2.3:a:apache:log4j:1.0.4:*:*:*:*:*:*:*
cpe:2.3:a:apache:log4j:1.1.3:*:*:*:*:*:*:*
cpe:2.3:a:apache:log4j:1.1.3:*:*:*:*:*:*:*
cpe:2.3:a:apache:log4j:1.2:-:*:*:*:*:*:*
cpe:2.3:a:apache:log4j:1.2:-:*:*:*:*:*:*
cpe:2.3:a:apache:log4j:1.2:beta4:*:*:*:*:*:*
cpe:2.3:a:apache:log4j:1.2:beta4:*:*:*:*:*:*
cpe:2.3:a:apache:log4j:1.2:rc1:*:*:*:*:*:*
cpe:2.3:a:apache:log4j:1.2:rc1:*:*:*:*:*:*
cpe:2.3:a:apache:log4j:1.2.1:*:*:*:*:*:*:*
cpe:2.3:a:apache:log4j:1.2.1:*:*:*:*:*:*:*
cpe:2.3:a:apache:log4j:1.2.2:*:*:*:*:*:*:*
cpe:2.3:a:apache:log4j:1.2.2:*:*:*:*:*:*:*
cpe:2.3:a:apache:log4j:1.2.3:*:*:*:*:*:*:*
cpe:2.3:a:apache:log4j:1.2.3:*:*:*:*:*:*:*
cpe:2.3:a:apache:log4j:1.2.4:*:*:*:*:*:*:*
cpe:2.3:a:apache:log4j:1.2.4:*:*:*:*:*:*:*
cpe:2.3:a:apache:log4j:1.2.5:*:*:*:*:*:*:*
cpe:2.3:a:apache:log4j:1.2.5:*:*:*:*:*:*:*
cpe:2.3:a:apache:log4j:1.2.6:*:*:*:*:*:*:*
cpe:2.3:a:apache:log4j:1.2.6:*:*:*:*:*:*:*
cpe:2.3:a:apache:log4j:1.2.7:*:*:*:*:*:*:*
cpe:2.3:a:apache:log4j:1.2.7:*:*:*:*:*:*:*
cpe:2.3:a:apache:log4j:1.2.8:*:*:*:*:*:*:*
cpe:2.3:a:apache:log4j:1.2.8:*:*:*:*:*:*:*
cpe:2.3:a:apache:log4j:1.2.9:*:*:*:*:*:*:*
cpe:2.3:a:apache:log4j:1.2.9:*:*:*:*:*:*:*
cpe:2.3:a:apache:log4j:1.2.10:*:*:*:*:*:*:*
cpe:2.3:a:apache:log4j:1.2.10:*:*:*:*:*:*:*
cpe:2.3:a:apache:log4j:1.2.11:*:*:*:*:*:*:*
cpe:2.3:a:apache:log4j:1.2.11:*:*:*:*:*:*:*
cpe:2.3:a:apache:log4j:1.2.12:*:*:*:*:*:*:*
cpe:2.3:a:apache:log4j:1.2.12:*:*:*:*:*:*:*
cpe:2.3:a:apache:log4j:1.2.13:*:*:*:*:*:*:*
cpe:2.3:a:apache:log4j:1.2.13:*:*:*:*:*:*:*
cpe:2.3:a:apache:log4j:1.2.14:*:*:*:*:*:*:*
cpe:2.3:a:apache:log4j:1.2.14:*:*:*:*:*:*:*
cpe:2.3:a:apache:log4j:1.2.15:*:*:*:*:*:*:*
cpe:2.3:a:apache:log4j:1.2.15:*:*:*:*:*:*:*
cpe:2.3:a:apache:log4j:1.2.16:*:*:*:*:*:*:*
cpe:2.3:a:apache:log4j:1.2.16:*:*:*:*:*:*:*
cpe:2.3:a:apache:log4j:1.2.17:*:*:*:*:*:*:*
cpe:2.3:a:apache:log4j:1.2.17:*:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*
cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*
cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*
cpe:2.3:a:netapp:oncommand_workflow_automation:-:*:*:*:*:*:*:*
cpe:2.3:a:netapp:oncommand_workflow_automation:-:*:*:*:*:*:*:*
cpe:2.3:a:netapp:oncommand_system_manager:3.0:*:*:*:*:*:*:*
cpe:2.3:a:netapp:oncommand_system_manager:3.0:*:*:*:*:*:*:*
cpe:2.3:a:netapp:oncommand_system_manager:3.0.0:*:*:*:*:*:*:*
cpe:2.3:a:netapp:oncommand_system_manager:3.0.0:*:*:*:*:*:*:*
cpe:2.3:a:netapp:oncommand_system_manager:3.1:*:*:*:*:*:*:*
cpe:2.3:a:netapp:oncommand_system_manager:3.1:*:*:*:*:*:*:*
cpe:2.3:a:netapp:oncommand_system_manager:3.1.1:*:*:*:*:*:*:*
cpe:2.3:a:netapp:oncommand_system_manager:3.1.1:*:*:*:*:*:*:*
cpe:2.3:a:netapp:oncommand_system_manager:3.1.2:*:*:*:*:*:*:*
cpe:2.3:a:netapp:oncommand_system_manager:3.1.2:*:*:*:*:*:*:*
cpe:2.3:a:netapp:oncommand_system_manager:3.1.3:*:*:*:*:*:*:*
cpe:2.3:a:netapp:oncommand_system_manager:3.1.3:*:*:*:*:*:*:*
cpe:2.3:a:oracle:retail_service_backbone:14.1:*:*:*:*:*:*:*
cpe:2.3:a:oracle:retail_service_backbone:14.1:*:*:*:*:*:*:*
cpe:2.3:a:oracle:weblogic_server:12.1.3.0.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:weblogic_server:12.1.3.0.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:retail_service_backbone:15.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:retail_service_backbone:15.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:weblogic_server:10.3.6.0.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:weblogic_server:10.3.6.0.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:weblogic_server:12.2.1.3.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:weblogic_server:12.2.1.3.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:application_testing_suite:13.3.0.1:*:*:*:*:*:*:*
cpe:2.3:a:oracle:application_testing_suite:13.3.0.1:*:*:*:*:*:*:*
cpe:2.3:a:oracle:endeca_information_discovery_studio:3.2.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:endeca_information_discovery_studio:3.2.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:weblogic_server:12.2.1.4.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:weblogic_server:12.2.1.4.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:weblogic_server:14.1.1.0.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:weblogic_server:14.1.1.0.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:rapid_planning:12.1:*:*:*:*:*:*:*
cpe:2.3:a:oracle:rapid_planning:12.1:*:*:*:*:*:*:*
cpe:2.3:a:oracle:rapid_planning:12.2:*:*:*:*:*:*:*
cpe:2.3:a:oracle:rapid_planning:12.2:*:*:*:*:*:*:*
cpe:2.3:a:oracle:financial_services_lending_and_leasing:14.1.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:financial_services_lending_and_leasing:14.1.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:financial_services_lending_and_leasing:14.2.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:financial_services_lending_and_leasing:14.2.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:financial_services_lending_and_leasing:14.8.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:financial_services_lending_and_leasing:14.8.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:financial_services_lending_and_leasing:12.5.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:financial_services_lending_and_leasing:12.5.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:communications_network_integrity:7.3.2:*:*:*:*:*:*:*
cpe:2.3:a:oracle:communications_network_integrity:7.3.2:*:*:*:*:*:*:*
cpe:2.3:a:oracle:communications_network_integrity:7.3.5:*:*:*:*:*:*:*
cpe:2.3:a:oracle:communications_network_integrity:7.3.5:*:*:*:*:*:*:*
cpe:2.3:a:oracle:communications_network_integrity:7.3.6:*:*:*:*:*:*:*
cpe:2.3:a:oracle:communications_network_integrity:7.3.6:*:*:*:*:*:*:*
cpe:2.3:a:oracle:primavera_gateway:16.2:*:*:*:*:*:*:*
cpe:2.3:a:oracle:primavera_gateway:16.2:*:*:*:*:*:*:*
cpe:2.3:a:oracle:primavera_gateway:16.2.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:primavera_gateway:16.2.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:primavera_gateway:16.2.11:*:*:*:*:*:*:*
cpe:2.3:a:oracle:primavera_gateway:16.2.11:*:*:*:*:*:*:*
cpe:2.3:a:oracle:primavera_gateway:17.12.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:primavera_gateway:17.12.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:primavera_gateway:17.12.6:*:*:*:*:*:*:*
cpe:2.3:a:oracle:primavera_gateway:17.12.6:*:*:*:*:*:*:*
cpe:2.3:a:oracle:primavera_gateway:17.12.7:*:*:*:*:*:*:*
cpe:2.3:a:oracle:primavera_gateway:17.12.7:*:*:*:*:*:*:*
cpe:2.3:a:oracle:retail_service_backbone:16.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:retail_service_backbone:16.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:retail_extract_transform_and_load:19.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:retail_extract_transform_and_load:19.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:mysql_enterprise_monitor:-:*:*:*:*:*:*:*
cpe:2.3:a:oracle:mysql_enterprise_monitor:-:*:*:*:*:*:*:*
cpe:2.3:a:oracle:mysql_enterprise_monitor:2.3.14:*:*:*:*:*:*:*
cpe:2.3:a:oracle:mysql_enterprise_monitor:2.3.14:*:*:*:*:*:*:*
cpe:2.3:a:oracle:mysql_enterprise_monitor:3.0.4:*:*:*:*:*:*:*
cpe:2.3:a:oracle:mysql_enterprise_monitor:3.0.4:*:*:*:*:*:*:*
cpe:2.3:a:oracle:mysql_enterprise_monitor:3.0.25:*:*:*:*:*:*:*
cpe:2.3:a:oracle:mysql_enterprise_monitor:3.0.25:*:*:*:*:*:*:*
cpe:2.3:a:oracle:mysql_enterprise_monitor:3.1.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:mysql_enterprise_monitor:3.1.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:mysql_enterprise_monitor:3.1.1:*:*:*:*:*:*:*
cpe:2.3:a:oracle:mysql_enterprise_monitor:3.1.1:*:*:*:*:*:*:*
cpe:2.3:a:oracle:mysql_enterprise_monitor:3.1.2:*:*:*:*:*:*:*
cpe:2.3:a:oracle:mysql_enterprise_monitor:3.1.2:*:*:*:*:*:*:*
cpe:2.3:a:oracle:mysql_enterprise_monitor:3.1.3:*:*:*:*:*:*:*
cpe:2.3:a:oracle:mysql_enterprise_monitor:3.1.3:*:*:*:*:*:*:*
cpe:2.3:a:oracle:mysql_enterprise_monitor:3.1.3.7856:*:*:*:*:*:*:*
cpe:2.3:a:oracle:mysql_enterprise_monitor:3.1.3.7856:*:*:*:*:*:*:*
cpe:2.3:a:oracle:mysql_enterprise_monitor:3.1.4:*:*:*:*:*:*:*
cpe:2.3:a:oracle:mysql_enterprise_monitor:3.1.4:*:*:*:*:*:*:*
cpe:2.3:a:oracle:mysql_enterprise_monitor:3.1.5:*:*:*:*:*:*:*
cpe:2.3:a:oracle:mysql_enterprise_monitor:3.1.5:*:*:*:*:*:*:*
cpe:2.3:a:oracle:mysql_enterprise_monitor:3.1.6:*:*:*:*:*:*:*
cpe:2.3:a:oracle:mysql_enterprise_monitor:3.1.6:*:*:*:*:*:*:*
cpe:2.3:a:oracle:mysql_enterprise_monitor:3.1.6.8003:*:*:*:*:*:*:*
cpe:2.3:a:oracle:mysql_enterprise_monitor:3.1.6.8003:*:*:*:*:*:*:*
cpe:2.3:a:oracle:mysql_enterprise_monitor:3.1.7:*:*:*:*:*:*:*
cpe:2.3:a:oracle:mysql_enterprise_monitor:3.1.7:*:*:*:*:*:*:*
cpe:2.3:a:oracle:mysql_enterprise_monitor:3.2.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:mysql_enterprise_monitor:3.2.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:mysql_enterprise_monitor:3.2.1:*:*:*:*:*:*:*
cpe:2.3:a:oracle:mysql_enterprise_monitor:3.2.1:*:*:*:*:*:*:*
cpe:2.3:a:oracle:mysql_enterprise_monitor:3.2.2:*:*:*:*:*:*:*
cpe:2.3:a:oracle:mysql_enterprise_monitor:3.2.2:*:*:*:*:*:*:*
cpe:2.3:a:oracle:mysql_enterprise_monitor:3.2.3:*:*:*:*:*:*:*
cpe:2.3:a:oracle:mysql_enterprise_monitor:3.2.3:*:*:*:*:*:*:*
cpe:2.3:a:oracle:mysql_enterprise_monitor:3.2.4:*:*:*:*:*:*:*
cpe:2.3:a:oracle:mysql_enterprise_monitor:3.2.4:*:*:*:*:*:*:*
cpe:2.3:a:oracle:mysql_enterprise_monitor:3.2.5:*:*:*:*:*:*:*
cpe:2.3:a:oracle:mysql_enterprise_monitor:3.2.5:*:*:*:*:*:*:*
cpe:2.3:a:oracle:mysql_enterprise_monitor:3.2.6:*:*:*:*:*:*:*
cpe:2.3:a:oracle:mysql_enterprise_monitor:3.2.6:*:*:*:*:*:*:*
cpe:2.3:a:oracle:mysql_enterprise_monitor:3.2.7:*:*:*:*:*:*:*
cpe:2.3:a:oracle:mysql_enterprise_monitor:3.2.7:*:*:*:*:*:*:*
cpe:2.3:a:oracle:mysql_enterprise_monitor:3.2.8:*:*:*:*:*:*:*
cpe:2.3:a:oracle:mysql_enterprise_monitor:3.2.8:*:*:*:*:*:*:*
cpe:2.3:a:oracle:mysql_enterprise_monitor:3.2.8.2223:*:*:*:*:*:*:*
cpe:2.3:a:oracle:mysql_enterprise_monitor:3.2.8.2223:*:*:*:*:*:*:*
cpe:2.3:a:oracle:mysql_enterprise_monitor:3.2.9:*:*:*:*:*:*:*
cpe:2.3:a:oracle:mysql_enterprise_monitor:3.2.9:*:*:*:*:*:*:*
cpe:2.3:a:oracle:mysql_enterprise_monitor:3.2.10:*:*:*:*:*:*:*
cpe:2.3:a:oracle:mysql_enterprise_monitor:3.2.10:*:*:*:*:*:*:*
cpe:2.3:a:oracle:mysql_enterprise_monitor:3.2.1182:*:*:*:*:*:*:*
cpe:2.3:a:oracle:mysql_enterprise_monitor:3.2.1182:*:*:*:*:*:*:*
cpe:2.3:a:oracle:mysql_enterprise_monitor:3.3.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:mysql_enterprise_monitor:3.3.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:mysql_enterprise_monitor:3.3.1:*:*:*:*:*:*:*
cpe:2.3:a:oracle:mysql_enterprise_monitor:3.3.1:*:*:*:*:*:*:*
cpe:2.3:a:oracle:mysql_enterprise_monitor:3.3.2:*:*:*:*:*:*:*
cpe:2.3:a:oracle:mysql_enterprise_monitor:3.3.2:*:*:*:*:*:*:*
cpe:2.3:a:oracle:mysql_enterprise_monitor:3.3.2.1162:*:*:*:*:*:*:*
cpe:2.3:a:oracle:mysql_enterprise_monitor:3.3.2.1162:*:*:*:*:*:*:*
cpe:2.3:a:oracle:mysql_enterprise_monitor:3.3.3:*:*:*:*:*:*:*
cpe:2.3:a:oracle:mysql_enterprise_monitor:3.3.3:*:*:*:*:*:*:*
cpe:2.3:a:oracle:mysql_enterprise_monitor:3.3.4:*:*:*:*:*:*:*
cpe:2.3:a:oracle:mysql_enterprise_monitor:3.3.4:*:*:*:*:*:*:*
cpe:2.3:a:oracle:mysql_enterprise_monitor:3.3.4.3247:*:*:*:*:*:*:*
cpe:2.3:a:oracle:mysql_enterprise_monitor:3.3.4.3247:*:*:*:*:*:*:*
cpe:2.3:a:oracle:mysql_enterprise_monitor:3.3.5:*:*:*:*:*:*:*
cpe:2.3:a:oracle:mysql_enterprise_monitor:3.3.5:*:*:*:*:*:*:*
cpe:2.3:a:oracle:mysql_enterprise_monitor:3.3.6:*:*:*:*:*:*:*
cpe:2.3:a:oracle:mysql_enterprise_monitor:3.3.6:*:*:*:*:*:*:*
cpe:2.3:a:oracle:mysql_enterprise_monitor:3.3.7:*:*:*:*:*:*:*
cpe:2.3:a:oracle:mysql_enterprise_monitor:3.3.7:*:*:*:*:*:*:*
cpe:2.3:a:oracle:mysql_enterprise_monitor:3.3.8:*:*:*:*:*:*:*
cpe:2.3:a:oracle:mysql_enterprise_monitor:3.3.8:*:*:*:*:*:*:*
cpe:2.3:a:oracle:mysql_enterprise_monitor:3.3.9:*:*:*:*:*:*:*
cpe:2.3:a:oracle:mysql_enterprise_monitor:3.3.9:*:*:*:*:*:*:*
cpe:2.3:a:oracle:mysql_enterprise_monitor:3.4.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:mysql_enterprise_monitor:3.4.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:mysql_enterprise_monitor:3.4.1:*:*:*:*:*:*:*
cpe:2.3:a:oracle:mysql_enterprise_monitor:3.4.1:*:*:*:*:*:*:*
cpe:2.3:a:oracle:mysql_enterprise_monitor:3.4.2:*:*:*:*:*:*:*
cpe:2.3:a:oracle:mysql_enterprise_monitor:3.4.2:*:*:*:*:*:*:*
cpe:2.3:a:oracle:mysql_enterprise_monitor:3.4.2.4181:*:*:*:*:*:*:*
cpe:2.3:a:oracle:mysql_enterprise_monitor:3.4.2.4181:*:*:*:*:*:*:*
cpe:2.3:a:oracle:mysql_enterprise_monitor:3.4.3:*:*:*:*:*:*:*
cpe:2.3:a:oracle:mysql_enterprise_monitor:3.4.3:*:*:*:*:*:*:*
cpe:2.3:a:oracle:mysql_enterprise_monitor:3.4.4:*:*:*:*:*:*:*
cpe:2.3:a:oracle:mysql_enterprise_monitor:3.4.4:*:*:*:*:*:*:*
cpe:2.3:a:oracle:mysql_enterprise_monitor:3.4.5:*:*:*:*:*:*:*
cpe:2.3:a:oracle:mysql_enterprise_monitor:3.4.5:*:*:*:*:*:*:*
cpe:2.3:a:oracle:mysql_enterprise_monitor:3.4.6:*:*:*:*:*:*:*
cpe:2.3:a:oracle:mysql_enterprise_monitor:3.4.6:*:*:*:*:*:*:*
cpe:2.3:a:oracle:mysql_enterprise_monitor:3.4.7:*:*:*:*:*:*:*
cpe:2.3:a:oracle:mysql_enterprise_monitor:3.4.7:*:*:*:*:*:*:*
cpe:2.3:a:oracle:mysql_enterprise_monitor:3.4.7.4297:*:*:*:*:*:*:*
cpe:2.3:a:oracle:mysql_enterprise_monitor:3.4.7.4297:*:*:*:*:*:*:*
cpe:2.3:a:oracle:mysql_enterprise_monitor:3.4.8:*:*:*:*:*:*:*
cpe:2.3:a:oracle:mysql_enterprise_monitor:3.4.8:*:*:*:*:*:*:*
cpe:2.3:a:oracle:mysql_enterprise_monitor:3.4.9:*:*:*:*:*:*:*
cpe:2.3:a:oracle:mysql_enterprise_monitor:3.4.9:*:*:*:*:*:*:*
cpe:2.3:a:oracle:mysql_enterprise_monitor:3.4.9.4237:*:*:*:*:*:*:*
cpe:2.3:a:oracle:mysql_enterprise_monitor:3.4.9.4237:*:*:*:*:*:*:*
cpe:2.3:a:oracle:mysql_enterprise_monitor:3.4.10:*:*:*:*:*:*:*
cpe:2.3:a:oracle:mysql_enterprise_monitor:3.4.10:*:*:*:*:*:*:*
cpe:2.3:a:oracle:mysql_enterprise_monitor:4.0.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:mysql_enterprise_monitor:4.0.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:mysql_enterprise_monitor:4.0.1:*:*:*:*:*:*:*
cpe:2.3:a:oracle:mysql_enterprise_monitor:4.0.1:*:*:*:*:*:*:*
cpe:2.3:a:oracle:mysql_enterprise_monitor:4.0.2:*:*:*:*:*:*:*
cpe:2.3:a:oracle:mysql_enterprise_monitor:4.0.2:*:*:*:*:*:*:*
cpe:2.3:a:oracle:mysql_enterprise_monitor:4.0.3:*:*:*:*:*:*:*
cpe:2.3:a:oracle:mysql_enterprise_monitor:4.0.3:*:*:*:*:*:*:*
cpe:2.3:a:oracle:mysql_enterprise_monitor:4.0.4:*:*:*:*:*:*:*
cpe:2.3:a:oracle:mysql_enterprise_monitor:4.0.4:*:*:*:*:*:*:*
cpe:2.3:a:oracle:mysql_enterprise_monitor:4.0.4.5235:*:*:*:*:*:*:*
cpe:2.3:a:oracle:mysql_enterprise_monitor:4.0.4.5235:*:*:*:*:*:*:*
cpe:2.3:a:oracle:mysql_enterprise_monitor:4.0.5:*:*:*:*:*:*:*
cpe:2.3:a:oracle:mysql_enterprise_monitor:4.0.5:*:*:*:*:*:*:*
cpe:2.3:a:oracle:mysql_enterprise_monitor:4.0.6:*:*:*:*:*:*:*
cpe:2.3:a:oracle:mysql_enterprise_monitor:4.0.6:*:*:*:*:*:*:*
cpe:2.3:a:oracle:mysql_enterprise_monitor:4.0.6.5281:*:*:*:*:*:*:*
cpe:2.3:a:oracle:mysql_enterprise_monitor:4.0.6.5281:*:*:*:*:*:*:*
cpe:2.3:a:oracle:mysql_enterprise_monitor:4.0.7:*:*:*:*:*:*:*
cpe:2.3:a:oracle:mysql_enterprise_monitor:4.0.7:*:*:*:*:*:*:*
cpe:2.3:a:oracle:mysql_enterprise_monitor:4.0.8:*:*:*:*:*:*:*
cpe:2.3:a:oracle:mysql_enterprise_monitor:4.0.8:*:*:*:*:*:*:*
cpe:2.3:a:oracle:mysql_enterprise_monitor:4.0.11.5331:*:*:*:*:*:*:*
cpe:2.3:a:oracle:mysql_enterprise_monitor:4.0.11.5331:*:*:*:*:*:*:*
cpe:2.3:a:oracle:mysql_enterprise_monitor:4.0.12:*:*:*:*:*:*:*
cpe:2.3:a:oracle:mysql_enterprise_monitor:4.0.12:*:*:*:*:*:*:*
cpe:2.3:a:oracle:mysql_enterprise_monitor:4.1:*:*:*:*:*:*:*
cpe:2.3:a:oracle:mysql_enterprise_monitor:4.1:*:*:*:*:*:*:*
cpe:2.3:a:oracle:mysql_enterprise_monitor:8.0.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:mysql_enterprise_monitor:8.0.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:mysql_enterprise_monitor:8.0.0.8131:*:*:*:*:*:*:*
cpe:2.3:a:oracle:mysql_enterprise_monitor:8.0.0.8131:*:*:*:*:*:*:*
cpe:2.3:a:oracle:mysql_enterprise_monitor:8.0.1:*:*:*:*:*:*:*
cpe:2.3:a:oracle:mysql_enterprise_monitor:8.0.1:*:*:*:*:*:*:*
cpe:2.3:a:oracle:mysql_enterprise_monitor:8.0.2:*:*:*:*:*:*:*
cpe:2.3:a:oracle:mysql_enterprise_monitor:8.0.2:*:*:*:*:*:*:*
cpe:2.3:a:oracle:mysql_enterprise_monitor:8.0.2.8191:*:*:*:*:*:*:*
cpe:2.3:a:oracle:mysql_enterprise_monitor:8.0.2.8191:*:*:*:*:*:*:*
cpe:2.3:a:oracle:mysql_enterprise_monitor:8.0.3:*:*:*:*:*:*:*
cpe:2.3:a:oracle:mysql_enterprise_monitor:8.0.3:*:*:*:*:*:*:*
cpe:2.3:a:oracle:mysql_enterprise_monitor:8.0.14:*:*:*:*:*:*:*
cpe:2.3:a:oracle:mysql_enterprise_monitor:8.0.14:*:*:*:*:*:*:*
cpe:2.3:a:oracle:mysql_enterprise_monitor:8.0.18.1217:*:*:*:*:*:*:*
cpe:2.3:a:oracle:mysql_enterprise_monitor:8.0.18.1217:*:*:*:*:*:*:*
cpe:2.3:a:oracle:mysql_enterprise_monitor:8.0.20:*:*:*:*:*:*:*
cpe:2.3:a:oracle:mysql_enterprise_monitor:8.0.20:*:*:*:*:*:*:*
cpe:2.3:a:oracle:mysql_enterprise_monitor:8.0.21:*:*:*:*:*:*:*
cpe:2.3:a:oracle:mysql_enterprise_monitor:8.0.21:*:*:*:*:*:*:*
cpe:2.3:a:oracle:mysql_enterprise_monitor:8.0.22:*:*:*:*:*:*:*
cpe:2.3:a:oracle:mysql_enterprise_monitor:8.0.22:*:*:*:*:*:*:*
cpe:2.3:a:oracle:mysql_enterprise_monitor:8.0.23:*:*:*:*:*:*:*
cpe:2.3:a:oracle:mysql_enterprise_monitor:8.0.23:*:*:*:*:*:*:*
cpe:2.3:a:oracle:mysql_enterprise_monitor:8.0.25:*:*:*:*:*:*:*
cpe:2.3:a:oracle:mysql_enterprise_monitor:8.0.25:*:*:*:*:*:*:*
cpe:2.3:a:oracle:mysql_enterprise_monitor:8.0.29:*:*:*:*:*:*:*
cpe:2.3:a:oracle:mysql_enterprise_monitor:8.0.29:*:*:*:*:*:*:*
cpe:2.3:a:apache:bookkeeper:-:*:*:*:*:*:*:*
cpe:2.3:a:apache:bookkeeper:-:*:*:*:*:*:*:*
cpe:2.3:a:apache:bookkeeper:4.0.0:*:*:*:*:*:*:*
cpe:2.3:a:apache:bookkeeper:4.0.0:*:*:*:*:*:*:*
cpe:2.3:a:apache:bookkeeper:4.1.0:*:*:*:*:*:*:*
cpe:2.3:a:apache:bookkeeper:4.1.0:*:*:*:*:*:*:*
cpe:2.3:a:apache:bookkeeper:4.2.0:*:*:*:*:*:*:*
cpe:2.3:a:apache:bookkeeper:4.2.0:*:*:*:*:*:*:*
cpe:2.3:a:apache:bookkeeper:4.2.1:*:*:*:*:*:*:*
cpe:2.3:a:apache:bookkeeper:4.2.1:*:*:*:*:*:*:*
cpe:2.3:a:apache:bookkeeper:4.2.3:*:*:*:*:*:*:*
cpe:2.3:a:apache:bookkeeper:4.2.3:*:*:*:*:*:*:*
cpe:2.3:a:apache:bookkeeper:4.2.4:*:*:*:*:*:*:*
cpe:2.3:a:apache:bookkeeper:4.2.4:*:*:*:*:*:*:*
cpe:2.3:a:apache:bookkeeper:4.3.0:*:*:*:*:*:*:*
cpe:2.3:a:apache:bookkeeper:4.3.0:*:*:*:*:*:*:*
cpe:2.3:a:apache:bookkeeper:4.3.1:*:*:*:*:*:*:*
cpe:2.3:a:apache:bookkeeper:4.3.1:*:*:*:*:*:*:*
cpe:2.3:a:apache:bookkeeper:4.3.2:*:*:*:*:*:*:*
cpe:2.3:a:apache:bookkeeper:4.3.2:*:*:*:*:*:*:*
cpe:2.3:a:apache:bookkeeper:4.4.0:*:*:*:*:*:*:*
cpe:2.3:a:apache:bookkeeper:4.4.0:*:*:*:*:*:*:*
cpe:2.3:a:apache:bookkeeper:4.5.0:*:*:*:*:*:*:*
cpe:2.3:a:apache:bookkeeper:4.5.0:*:*:*:*:*:*:*
cpe:2.3:a:apache:bookkeeper:4.5.1:*:*:*:*:*:*:*
cpe:2.3:a:apache:bookkeeper:4.5.1:*:*:*:*:*:*:*
cpe:2.3:a:apache:bookkeeper:4.6.0:*:*:*:*:*:*:*
cpe:2.3:a:apache:bookkeeper:4.6.0:*:*:*:*:*:*:*
cpe:2.3:a:apache:bookkeeper:4.6.1:*:*:*:*:*:*:*
cpe:2.3:a:apache:bookkeeper:4.6.1:*:*:*:*:*:*:*
cpe:2.3:a:apache:bookkeeper:4.6.2:*:*:*:*:*:*:*
cpe:2.3:a:apache:bookkeeper:4.6.2:*:*:*:*:*:*:*
cpe:2.3:a:apache:bookkeeper:4.7.0:*:*:*:*:*:*:*
cpe:2.3:a:apache:bookkeeper:4.7.0:*:*:*:*:*:*:*
cpe:2.3:a:apache:bookkeeper:4.7.1:*:*:*:*:*:*:*
cpe:2.3:a:apache:bookkeeper:4.7.1:*:*:*:*:*:*:*
cpe:2.3:a:apache:bookkeeper:4.7.2:*:*:*:*:*:*:*
cpe:2.3:a:apache:bookkeeper:4.7.2:*:*:*:*:*:*:*
cpe:2.3:a:apache:bookkeeper:4.7.3:*:*:*:*:*:*:*
cpe:2.3:a:apache:bookkeeper:4.7.3:*:*:*:*:*:*:*
cpe:2.3:a:apache:bookkeeper:4.8.0:*:*:*:*:*:*:*
cpe:2.3:a:apache:bookkeeper:4.8.0:*:*:*:*:*:*:*
cpe:2.3:a:apache:bookkeeper:4.8.1:*:*:*:*:*:*:*
cpe:2.3:a:apache:bookkeeper:4.8.1:*:*:*:*:*:*:*
cpe:2.3:a:apache:bookkeeper:4.8.2:*:*:*:*:*:*:*
cpe:2.3:a:apache:bookkeeper:4.8.2:*:*:*:*:*:*:*
cpe:2.3:a:apache:bookkeeper:4.9.0:*:*:*:*:*:*:*
cpe:2.3:a:apache:bookkeeper:4.9.0:*:*:*:*:*:*:*
cpe:2.3:a:apache:bookkeeper:4.9.1:*:*:*:*:*:*:*
cpe:2.3:a:apache:bookkeeper:4.9.1:*:*:*:*:*:*:*
cpe:2.3:a:apache:bookkeeper:4.9.2:*:*:*:*:*:*:*
cpe:2.3:a:apache:bookkeeper:4.9.2:*:*:*:*:*:*:*
cpe:2.3:a:apache:bookkeeper:4.10.0:*:*:*:*:*:*:*
cpe:2.3:a:apache:bookkeeper:4.10.0:*:*:*:*:*:*:*
cpe:2.3:a:apache:bookkeeper:4.11.0:*:*:*:*:*:*:*
cpe:2.3:a:apache:bookkeeper:4.11.0:*:*:*:*:*:*:*
cpe:2.3:a:apache:bookkeeper:4.11.1:*:*:*:*:*:*:*
cpe:2.3:a:apache:bookkeeper:4.11.1:*:*:*:*:*:*:*
cpe:2.3:a:apache:bookkeeper:4.12.0:*:*:*:*:*:*:*
cpe:2.3:a:apache:bookkeeper:4.12.0:*:*:*:*:*:*:*
cpe:2.3:a:apache:bookkeeper:4.12.1:*:*:*:*:*:*:*
cpe:2.3:a:apache:bookkeeper:4.12.1:*:*:*:*:*:*:*
cpe:2.3:a:apache:bookkeeper:4.13.0:*:*:*:*:*:*:*
cpe:2.3:a:apache:bookkeeper:4.13.0:*:*:*:*:*:*:*
cpe:2.3:a:apache:bookkeeper:4.14.0:*:*:*:*:*:*:*
cpe:2.3:a:apache:bookkeeper:4.14.0:*:*:*:*:*:*:*
cpe:2.3:a:apache:bookkeeper:4.14.1:*:*:*:*:*:*:*
cpe:2.3:a:apache:bookkeeper:4.14.1:*:*:*:*:*:*:*
cpe:2.3:a:apache:bookkeeper:4.14.2:*:*:*:*:*:*:*
cpe:2.3:a:apache:bookkeeper:4.14.2:*:*:*:*:*:*:*

CVSS

Base:	7.5 (as of 14-12-2022 - 17:50)
Impact:
Exploitability:

CWE

CWE-502

CAPEC

Object Injection
An adversary attempts to exploit an application by injecting additional, malicious content during its processing of serialized objects. Developers leverage serialization in order to convert data or state into a static, binary format for saving to disk or transferring over a network. These objects are then deserialized when needed to recover the data/state. By injecting a malformed object into a vulnerable application, an adversary can potentially compromise the application by manipulating the deserialization process. This can result in a number of unwanted outcomes, including remote code execution.

Access

Vector	Complexity	Authentication
NETWORK	LOW	NONE

Impact

Confidentiality	Integrity	Availability
PARTIAL	PARTIAL	PARTIAL

cvss-vector via4

AV:N/AC:L/Au:N/C:P/I:P/A:P

redhat via4

advisories

bugzilla

id	1443635
title	CVE-2017-5645 log4j: Socket receiver deserialization vulnerability

oval

comment Red Hat Enterprise Linux must be installed
oval oval:com.redhat.rhba:tst:20070304026

AND

comment Red Hat Enterprise Linux 7 is installed
oval oval:com.redhat.rhba:tst:20150364027

AND
comment log4j is earlier than 0:1.2.17-16.el7_4
oval oval:com.redhat.rhsa:tst:20172423001
comment log4j is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhsa:tst:20172423002

AND

comment log4j-javadoc is earlier than 0:1.2.17-16.el7_4
oval oval:com.redhat.rhsa:tst:20172423003
comment log4j-javadoc is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhsa:tst:20172423004

AND

comment log4j-manual is earlier than 0:1.2.17-16.el7_4
oval oval:com.redhat.rhsa:tst:20172423005
comment log4j-manual is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhsa:tst:20172423006

rhsa

id	RHSA-2017:2423
released	2017-08-07
severity	Important
title	RHSA-2017:2423: log4j security update (Important)

rpms

log4j-eap6-0:1.2.16-12.redhat_3.1.ep6.el6
log4j-eap6-0:1.2.16-12.redhat_3.1.ep6.el7
tomcat-native-0:1.2.8-10.redhat_10.ep7.el6
tomcat-native-0:1.2.8-10.redhat_10.ep7.el7
tomcat-native-debuginfo-0:1.2.8-10.redhat_10.ep7.el6
tomcat-native-debuginfo-0:1.2.8-10.redhat_10.ep7.el7
tomcat7-0:7.0.70-22.ep7.el6
tomcat7-0:7.0.70-22.ep7.el7
tomcat7-admin-webapps-0:7.0.70-22.ep7.el6
tomcat7-admin-webapps-0:7.0.70-22.ep7.el7
tomcat7-docs-webapp-0:7.0.70-22.ep7.el6
tomcat7-docs-webapp-0:7.0.70-22.ep7.el7
tomcat7-el-2.2-api-0:7.0.70-22.ep7.el6
tomcat7-el-2.2-api-0:7.0.70-22.ep7.el7
tomcat7-javadoc-0:7.0.70-22.ep7.el6
tomcat7-javadoc-0:7.0.70-22.ep7.el7
tomcat7-jsp-2.2-api-0:7.0.70-22.ep7.el6
tomcat7-jsp-2.2-api-0:7.0.70-22.ep7.el7
tomcat7-jsvc-0:7.0.70-22.ep7.el6
tomcat7-jsvc-0:7.0.70-22.ep7.el7
tomcat7-lib-0:7.0.70-22.ep7.el6
tomcat7-lib-0:7.0.70-22.ep7.el7
tomcat7-log4j-0:7.0.70-22.ep7.el6
tomcat7-log4j-0:7.0.70-22.ep7.el7
tomcat7-selinux-0:7.0.70-22.ep7.el6
tomcat7-selinux-0:7.0.70-22.ep7.el7
tomcat7-servlet-3.0-api-0:7.0.70-22.ep7.el6
tomcat7-servlet-3.0-api-0:7.0.70-22.ep7.el7
tomcat7-webapps-0:7.0.70-22.ep7.el6
tomcat7-webapps-0:7.0.70-22.ep7.el7
tomcat8-0:8.0.36-24.ep7.el6
tomcat8-0:8.0.36-24.ep7.el7
tomcat8-admin-webapps-0:8.0.36-24.ep7.el6
tomcat8-admin-webapps-0:8.0.36-24.ep7.el7
tomcat8-docs-webapp-0:8.0.36-24.ep7.el6
tomcat8-docs-webapp-0:8.0.36-24.ep7.el7
tomcat8-el-2.2-api-0:8.0.36-24.ep7.el6
tomcat8-el-2.2-api-0:8.0.36-24.ep7.el7
tomcat8-javadoc-0:8.0.36-24.ep7.el6
tomcat8-javadoc-0:8.0.36-24.ep7.el7
tomcat8-jsp-2.3-api-0:8.0.36-24.ep7.el6
tomcat8-jsp-2.3-api-0:8.0.36-24.ep7.el7
tomcat8-jsvc-0:8.0.36-24.ep7.el6
tomcat8-jsvc-0:8.0.36-24.ep7.el7
tomcat8-lib-0:8.0.36-24.ep7.el6
tomcat8-lib-0:8.0.36-24.ep7.el7
tomcat8-log4j-0:8.0.36-24.ep7.el6
tomcat8-log4j-0:8.0.36-24.ep7.el7
tomcat8-selinux-0:8.0.36-24.ep7.el6
tomcat8-selinux-0:8.0.36-24.ep7.el7
tomcat8-servlet-3.1-api-0:8.0.36-24.ep7.el6
tomcat8-servlet-3.1-api-0:8.0.36-24.ep7.el7
tomcat8-webapps-0:8.0.36-24.ep7.el6
tomcat8-webapps-0:8.0.36-24.ep7.el7
log4j-0:1.2.17-16.el7_4
log4j-javadoc-0:1.2.17-16.el7_4
log4j-manual-0:1.2.17-16.el7_4
jboss-ec2-eap-0:7.5.17-1.Final_redhat_4.ep6.el6
jboss-ec2-eap-samples-0:7.5.17-1.Final_redhat_4.ep6.el6
eap7-jboss-ec2-eap-0:7.0.8-1.GA_redhat_1.ep7.el6
eap7-jboss-ec2-eap-0:7.0.8-1.GA_redhat_1.ep7.el7
eap7-jboss-ec2-eap-samples-0:7.0.8-1.GA_redhat_1.ep7.el6
eap7-jboss-ec2-eap-samples-0:7.0.8-1.GA_redhat_1.ep7.el7
log4j-0:1.2.14-19.patch_01.ep5.el5
log4j-0:1.2.14-19.patch_01.ep5.el6

refmap via4

confirm	https://lists.apache.org/thread.html/eea03d504b36e8f870e8321d908e1def1addda16adda04327fe7c125%40%3Cdev.logging.apache.org%3E https://security.netapp.com/advisory/ntap-20200110-0001/
debian	DSA-4686
misc	https://www.oracle.com/security-alerts/cpuapr2020.html https://www.oracle.com/security-alerts/cpujul2020.html
mlist	[activemq-issues] 20191226 [jira] [Created] (AMQ-7370) log4j 1.2 version used by AMQ 5.15.10 / 5.15.11 is vulnerable to CVE-2019-17571 [activemq-issues] 20191230 [jira] [Created] (AMQ-7372) [9.8] [CVE-2019-17571] [activemq-all] [5.15.10] [activemq-issues] 20200122 [jira] [Assigned] (AMQ-7370) log4j 1.2 version used by AMQ 5.15.10 / 5.15.11 is vulnerable to CVE-2019-17571 [activemq-issues] 20200122 [jira] [Assigned] (AMQ-7372) [9.8] [CVE-2019-17571] [activemq-all] [5.15.10] [activemq-issues] 20200122 [jira] [Resolved] (AMQ-7372) [9.8] [CVE-2019-17571] [activemq-all] [5.15.10] [activemq-issues] 20200122 [jira] [Updated] (AMQ-7370) log4j 1.2 version used by AMQ 5.15.10 / 5.15.11 is vulnerable to CVE-2019-17571 [activemq-issues] 20200122 [jira] [Updated] (AMQ-7372) [9.8] [CVE-2019-17571] [activemq-all] [5.15.10] [activemq-issues] 20200127 [jira] [Commented] (AMQ-7370) log4j 1.2 version used by AMQ 5.15.10 / 5.15.11 is vulnerable to CVE-2019-17571 [activemq-issues] 20200208 [jira] [Commented] (AMQ-7370) log4j 1.2 version used by AMQ 5.15.10 / 5.15.11 is vulnerable to CVE-2019-17571 [activemq-issues] 20200228 [jira] [Commented] (AMQ-7370) log4j 1.2 version used by AMQ 5.15.10 / 5.15.11 is vulnerable to CVE-2019-17571 [activemq-issues] 20200228 [jira] [Resolved] (AMQ-7370) log4j 1.2 version used by AMQ 5.15.10 / 5.15.11 is vulnerable to CVE-2019-17571 [activemq-issues] 20200228 [jira] [Updated] (AMQ-7370) log4j 1.2 version used by AMQ 5.15.10 / 5.15.11 is vulnerable to CVE-2019-17571 [activemq-issues] 20200730 [jira] [Commented] (AMQ-7370) log4j 1.2 version used by AMQ 5.15.10 / 5.15.11 is vulnerable to CVE-2019-17571 [bookkeeper-issues] 20200729 [GitHub] [bookkeeper] padma81 opened a new issue #2387: Security vulnerabilities in the apache/bookkeeper-4.9.2 image [debian-lts-announce] 20200112 [SECURITY] [DLA 2065-1] apache-log4j1.2 security update [druid-commits] 20200406 [GitHub] [druid] ccaominh commented on issue #9579: Add Apache Ranger Authorization [hadoop-common-dev] 20200824 [jira] [Created] (HADOOP-17221) Upgrade log4j-1.2.17 to atlassian ( To Adress: CVE-2019-17571) [hadoop-common-issues] 20200824 [jira] [Assigned] (HADOOP-17221) Upgrade log4j-1.2.17 to atlassian ( To Adress: CVE-2019-17571) [hadoop-common-issues] 20200824 [jira] [Comment Edited] (HADOOP-17221) update log4j-1.2.17 to atlassian version( To Address: CVE-2019-17571) [hadoop-common-issues] 20200824 [jira] [Comment Edited] (HADOOP-17221) update log4j-1.2.17 to atlassian version( To Adress: CVE-2019-17571) [hadoop-common-issues] 20200824 [jira] [Commented] (HADOOP-17221) Upgrade log4j-1.2.17 to atlassian ( To Adress: CVE-2019-17571) [hadoop-common-issues] 20200824 [jira] [Commented] (HADOOP-17221) update log4j-1.2.17 to atlassian version( To Address: CVE-2019-17571) [hadoop-common-issues] 20200824 [jira] [Created] (HADOOP-17221) Upgrade log4j-1.2.17 to atlassian ( To Adress: CVE-2019-17571) [hadoop-common-issues] 20200824 [jira] [Updated] (HADOOP-17221) update log4j-1.2.17 to atlassian version( To Address: CVE-2019-17571) [hadoop-common-issues] 20200824 [jira] [Updated] (HADOOP-17221) update log4j-1.2.17 to atlassian version( To Adress: CVE-2019-17571) [jena-dev] 20200318 Re: Logging (JENA-1005) [kafka-dev] 20200105 [jira] [Created] (KAFKA-9366) please consider upgrade log4j to log4j2 due to critical security problem CVE-2019-17571 [kafka-jira] 20200105 [jira] [Created] (KAFKA-9366) please consider upgrade log4j to log4j2 due to critical security problem CVE-2019-17571 [kafka-jira] 20200105 [jira] [Updated] (KAFKA-9366) please consider upgrade log4j to log4j2 due to critical security problem CVE-2019-17571 [kafka-jira] 20200106 [jira] [Assigned] (KAFKA-9366) please consider upgrade log4j to log4j2 due to critical security problem CVE-2019-17571 [kafka-jira] 20200106 [jira] [Commented] (KAFKA-9366) please consider upgrade log4j to log4j2 due to critical security problem CVE-2019-17571 [kafka-jira] 20200107 [jira] [Updated] (KAFKA-9366) please consider upgrade log4j to log4j2 due to critical security problem CVE-2019-17571 [kafka-jira] 20200514 [GitHub] [kafka] jeffhuang26 commented on pull request #7898: KAFKA-9366: please consider upgrade log4j to log4j2 due to critical security problem CVE-2019-17571 [kafka-jira] 20200529 [GitHub] [kafka] ijuma commented on pull request #7898: KAFKA-9366: please consider upgrade log4j to log4j2 due to critical security problem CVE-2019-17571 [kafka-jira] 20200602 [GitHub] [kafka] dongjinleekr commented on pull request #7898: KAFKA-9366: please consider upgrade log4j to log4j2 due to critical security problem CVE-2019-17571 [kafka-jira] 20200624 [GitHub] [kafka] dongjinleekr commented on pull request #7898: KAFKA-9366: please consider upgrade log4j to log4j2 due to critical security problem CVE-2019-17571 [kafka-jira] 20200625 [GitHub] [kafka] dongjinleekr commented on pull request #7898: KAFKA-9366: please consider upgrade log4j to log4j2 due to critical security problem CVE-2019-17571 [logging-log4j-user] 20200224 Apache Log4j - Migration activity to 2.12.1 version - Request to support for the queries posted [pulsar-commits] 20201215 [GitHub] [pulsar] yanshuchong opened a new issue #8967: CVSS issue list [tika-dev] 20191226 [jira] [Commented] (TIKA-3018) log4j 1.2 version used by Apache Tika 1.23 is vulnerable to CVE-2019-17571 [tika-dev] 20191226 [jira] [Created] (TIKA-3018) log4j 1.2 version used by Apache Tika 1.23 is vulnerable to CVE-2019-17571 [tika-dev] 20191230 [jira] [Created] (TIKA-3019) [9.8] [CVE-2019-17571] [tika-app] [1.23] [tika-dev] 20200106 [jira] [Commented] (TIKA-3019) [9.8] [CVE-2019-17571] [tika-app] [1.23] [tika-dev] 20200107 [jira] [Commented] (TIKA-3019) [9.8] [CVE-2019-17571] [tika-app] [1.23] [tika-dev] 20200108 [jira] [Commented] (TIKA-3019) [9.8] [CVE-2019-17571] [tika-app] [1.23] [tika-dev] 20200110 [jira] [Commented] (TIKA-3019) [9.8] [CVE-2019-17571] [tika-app] [1.23] [tika-dev] 20200111 Re: [jira] [Commented] (TIKA-3018) log4j 1.2 version used by Apache Tika 1.23 is vulnerable to CVE-2019-17571 [tika-dev] 20200111 [jira] [Closed] (TIKA-3018) log4j 1.2 version used by Apache Tika 1.23 is vulnerable to CVE-2019-17571 [tika-dev] 20200111 [jira] [Resolved] (TIKA-3018) log4j 1.2 version used by Apache Tika 1.23 is vulnerable to CVE-2019-17571 [tika-dev] 20200114 [jira] [Commented] (TIKA-3019) [9.8] [CVE-2019-17571] [tika-app] [1.23] [tika-dev] 20200115 [jira] [Commented] (TIKA-3019) [9.8] [CVE-2019-17571] [tika-app] [1.23] [zookeeper-commits] 20200118 [zookeeper] branch branch-3.5 updated: ZOOKEEPER-3677: owasp checker failing for - CVE-2019-17571 Apache Log4j 1.2 deserialization of untrusted data in SocketServer [zookeeper-commits] 20200118 [zookeeper] branch branch-3.6 updated: ZOOKEEPER-3677: owasp checker failing for - CVE-2019-17571 Apache Log4j 1.2 deserialization of untrusted data in SocketServer [zookeeper-commits] 20200118 [zookeeper] branch master updated: ZOOKEEPER-3677: owasp checker failing for - CVE-2019-17571 Apache Log4j 1.2 deserialization of untrusted data in SocketServer [zookeeper-commits] 20200504 [zookeeper] branch branch-3.5 updated: ZOOKEEPER-3817: suppress log4j SmtpAppender related CVE-2020-9488 [zookeeper-commits] 20200504 [zookeeper] branch branch-3.6 updated: ZOOKEEPER-3817: suppress log4j SmtpAppender related CVE-2020-9488 [zookeeper-commits] 20200504 [zookeeper] branch master updated: ZOOKEEPER-3817: suppress log4j SmtpAppender related CVE-2020-9488 [zookeeper-dev] 20200107 [jira] [Created] (ZOOKEEPER-3677) owasp checker failing for - CVE-2019-17571 Apache Log4j 1.2 deserialization of untrusted data in SocketServer [zookeeper-dev] 20200118 Build failed in Jenkins: zookeeper-master-maven-owasp #329 [zookeeper-dev] 20201103 [jira] [Created] (ZOOKEEPER-3990) Log4j 1.2.17 used by zookeeper 3.6.1 is vulnerable to CVE-2019-17571 [zookeeper-issues] 20200107 [jira] [Commented] (ZOOKEEPER-3677) owasp checker failing for - CVE-2019-17571 Apache Log4j 1.2 deserialization of untrusted data in SocketServer [zookeeper-issues] 20200107 [jira] [Created] (ZOOKEEPER-3677) owasp checker failing for - CVE-2019-17571 Apache Log4j 1.2 deserialization of untrusted data in SocketServer [zookeeper-issues] 20200108 [jira] [Assigned] (ZOOKEEPER-3677) owasp checker failing for - CVE-2019-17571 Apache Log4j 1.2 deserialization of untrusted data in SocketServer [zookeeper-issues] 20200108 [jira] [Commented] (ZOOKEEPER-3677) owasp checker failing for - CVE-2019-17571 Apache Log4j 1.2 deserialization of untrusted data in SocketServer [zookeeper-issues] 20200108 [jira] [Updated] (ZOOKEEPER-3677) owasp checker failing for - CVE-2019-17571 Apache Log4j 1.2 deserialization of untrusted data in SocketServer [zookeeper-issues] 20200118 [jira] [Resolved] (ZOOKEEPER-3677) owasp checker failing for - CVE-2019-17571 Apache Log4j 1.2 deserialization of untrusted data in SocketServer [zookeeper-issues] 20200129 [jira] [Updated] (ZOOKEEPER-3677) owasp checker failing for - CVE-2019-17571 Apache Log4j 1.2 deserialization of untrusted data in SocketServer [zookeeper-issues] 20201103 [jira] [Created] (ZOOKEEPER-3990) Log4j 1.2.17 used by zookeeper 3.6.1 is vulnerable to CVE-2019-17571 [zookeeper-issues] 20201103 [jira] [Resolved] (ZOOKEEPER-3990) Log4j 1.2.17 used by zookeeper 3.6.1 is vulnerable to CVE-2019-17571 [zookeeper-notifications] 20200108 [GitHub] [zookeeper] eolivelli opened a new pull request #1209: ZOOKEEPER-3677 owasp checker failing for - CVE-2019-17571 Apache Log4j 1.2 deserialization of untrusted data in SocketServer [zookeeper-notifications] 20200118 [GitHub] [zookeeper] asfgit closed pull request #1209: ZOOKEEPER-3677 owasp checker failing for - CVE-2019-17571 Apache Log4j 1.2 deserialization of untrusted data in SocketServer [zookeeper-user] 20200201 Re: Zookeeper 3.5.6 supports log4j 2.x?
suse	openSUSE-SU-2020:0051
ubuntu	USN-4495-1

Last major update

14-12-2022 - 17:50

Published

20-12-2019 - 17:15

Last modified

14-12-2022 - 17:50