CVE-2023-6481

Published: 04 Dec 2023
Source: redhat
CVSS3: 7.5
EPSS: Low

Description

A serialization vulnerability in logback receiver component part of logback version 1.4.13, 1.3.13 and 1.2.12 allows an attacker to mount a Denial-Of-Service attack by sending poisoned data.

A flaw was found in the logback package. Affected versions of this package are vulnerable to Uncontrolled Resource Consumption ('Resource Exhaustion') via the logback receiver component. This flaw allows an attacker to mount a denial-of-service attack by sending poisoned data.

Report

The security vulnerability in the logback package is considered of moderate severity due to its potential for facilitating a denial-of-service (DoS) attack. While a DoS attack can disrupt service availability, this vulnerability may not lead to more severe consequences such as unauthorized access or data breaches.

Mitigation

Mitigation for this issue is either not available or the currently available options don't meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.

Affected packages

Platform                                        | Package                                | State                | Advisory | Release
A-MQ Clients 2                                  | logback                                | Not affected         |          |
Logging Subsystem for Red Hat OpenShift         | openshift-logging/elasticsearch6-rhel8 | Not affected         |          |
Migration Toolkit for Applications 6            | logback                                | Not affected         |          |
Migration Toolkit for Applications 7            | logback                                | Not affected         |          |
Migration Toolkit for Runtimes                  | logback                                | Not affected         |          |
Red Hat build of Apache Camel for Spring Boot 3 | logback                                | Out of support scope |          |
Red Hat build of Debezium 2                     | logback                                | Will not fix         |          |
Red Hat Build of Keycloak                       | logback                                | Not affected         |          |
Red Hat build of OptaPlanner 8                  | logback                                | Affected             |          |
Red Hat build of Quarkus                        | ch.qos.logback/logback-core            | Not affected         |          |


Additional information

Status:

Moderate
Defect:
CWE-400
https://bugzilla.redhat.com/show_bug.cgi?id=2252956
logback: A serialization vulnerability in logback receiver

EPSS

Percentile: 45%
0.00224
Low

7.5 High

CVSS3

Related vulnerabilities

CVSS3: 7.1
ubuntu
about 2 years ago

A serialization vulnerability in logback receiver component part of logback version 1.4.13, 1.3.13 and 1.2.12 allows an attacker to mount a Denial-Of-Service attack by sending poisoned data.

CVSS3: 7.1
nvd
about 2 years ago

A serialization vulnerability in logback receiver component part of logback version 1.4.13, 1.3.13 and 1.2.12 allows an attacker to mount a Denial-Of-Service attack by sending poisoned data.

CVSS3: 7.1
debian
about 2 years ago

A serialization vulnerability in logback receiver component part of l ...

CVSS3: 7.1
github
about 2 years ago

Logback is vulnerable to an attacker mounting a Denial-Of-Service attack by sending poisoned data