Описание
Improper validation of certificate with host mismatch in Apache Log4j SMTP appender. This could allow an SMTPS connection to be intercepted by a man-in-the-middle attack which could leak any log messages sent through that appender. Fixed in Apache Log4j 2.12.3 and 2.13.1
| Релиз | Статус | Примечание |
|---|---|---|
| bionic | ignored | end of standard support, was needs-triage |
| devel | not-affected | 2.13.3-1 |
| eoan | ignored | end of life |
| esm-apps/bionic | needs-triage | |
| esm-apps/focal | released | 2.16.0-0.20.04.1 |
| esm-apps/jammy | not-affected | 2.13.3-1 |
| esm-apps/noble | not-affected | 2.13.3-1 |
| esm-infra-legacy/trusty | DNE | |
| esm-infra/xenial | ignored | end of standard support, was needs-triage |
| focal | released | 2.16.0-0.20.04.1 |
Показывать по
Ссылки на источники
EPSS
4.3 Medium
CVSS2
3.7 Low
CVSS3
Связанные уязвимости
Improper validation of certificate with host mismatch in Apache Log4j SMTP appender. This could allow an SMTPS connection to be intercepted by a man-in-the-middle attack which could leak any log messages sent through that appender. Fixed in Apache Log4j 2.12.3 and 2.13.1
Improper validation of certificate with host mismatch in Apache Log4j SMTP appender. This could allow an SMTPS connection to be intercepted by a man-in-the-middle attack which could leak any log messages sent through that appender. Fixed in Apache Log4j 2.12.3 and 2.13.1
Improper validation of certificate with host mismatch in Apache Log4j ...
Improper validation of certificate with host mismatch in Apache Log4j SMTP appender
Уязвимость реализации класса SmtpAppender библиотеки журналирования Java-программ Log4j, позволяющая нарушителю реализовать атаку типа «человек посередине»
EPSS
4.3 Medium
CVSS2
3.7 Low
CVSS3