Apache Log4j is a logging library for Java programs
Release cycle, vulnerability information
Release schedule
Count: 111
| Vulnerability | Description | CVSS | EPSS | Published |
|---|---|---|---|---|
| GHSA-fxph-q3j8-mv87 | Deserialization of Untrusted Data in Log4j | CVSS3: 9.8 | 94% Critical | about 6 years ago |
| CVE-2019-17571 | Included in Log4j 1.2 is a SocketServer class that is vulnerable to deserialization of untrusted data which can be exploited to remotely execute arbitrary code when combined with a deserialization gadget when listening to untrusted network traffic for log data. This affects Log4j versions up to 1.2 up to 1.2.17. | CVSS3: 9.8 | 38% Medium | about 6 years ago |
| CVE-2019-17571 | Included in Log4j 1.2 is a SocketServer class that is vulnerable to de ... | CVSS3: 9.8 | 38% Medium | about 6 years ago |
| CVE-2019-17571 | Included in Log4j 1.2 is a SocketServer class that is vulnerable to deserialization of untrusted data which can be exploited to remotely execute arbitrary code when combined with a deserialization gadget when listening to untrusted network traffic for log data. This affects Log4j versions up to 1.2 up to 1.2.17. | CVSS3: 9.8 | 38% Medium | about 6 years ago |
| CVE-2019-17571 | Included in Log4j 1.2 is a SocketServer class that is vulnerable to deserialization of untrusted data which can be exploited to remotely execute arbitrary code when combined with a deserialization gadget when listening to untrusted network traffic for log data. This affects Log4j versions up to 1.2 up to 1.2.17. | CVSS3: 9.8 | 38% Medium | about 6 years ago |
| BDU:2020-02355 | Vulnerability in the Log4j logging library for Java programs, related to deserialization of untrusted data, allowing an attacker to execute arbitrary code | CVSS3: 9.8 | 38% Medium | about 6 years ago |
| CVE-2017-5645 | In Apache Log4j 2.x before 2.8.2, when using the TCP socket server or UDP socket server to receive serialized log events from another application, a specially crafted binary payload can be sent that, when deserialized, can execute arbitrary code. | CVSS3: 9.8 | 94% Critical | almost 9 years ago |
| CVE-2017-5645 | In Apache Log4j 2.x before 2.8.2, when using the TCP socket server or ... | CVSS3: 9.8 | 94% Critical | almost 9 years ago |
| CVE-2017-5645 | In Apache Log4j 2.x before 2.8.2, when using the TCP socket server or UDP socket server to receive serialized log events from another application, a specially crafted binary payload can be sent that, when deserialized, can execute arbitrary code. | CVSS3: 9.8 | 94% Critical | almost 9 years ago |
| BDU:2021-01051 | Vulnerability in the Log4j logging library for Java programs, related to deserialization of untrusted data, allowing an attacker to execute arbitrary code | CVSS3: 9.8 | 94% Critical | almost 9 years ago |