Download
| Alert*
oval:org.secpod.oval:def:89050494
This update for log4j fixes the following issues: - CVE-2019-17571: Fixed a remote code execution by deserialization of untrusted data in SocketServer . oval:org.secpod.oval:def:507002 Log4j is a tool to help the programmer output log statements to a variety of output targets. Security Fix: * log4j: deserialization of untrusted data in SocketServer For more details about the security issue, including the impact, a CVSS score, acknowledgments, and other related information, refer ... oval:org.secpod.oval:def:89000135 This update for log4j fixes the following issues: - CVE-2019-17571: Fixed a remote code execution by deserialization of untrusted data in SocketServer . oval:org.secpod.oval:def:1601506 It was found that when using remote logging with log4j socket server the log4j server would deserialize any log event received via TCP or UDP. An attacker could use this flaw to send a specially crafted log event that, during deserialization, would execute arbitrary code in the context of the logger ... oval:org.secpod.oval:def:502118 Log4j is a tool to help the programmer output log statements to a variety of output targets. Security Fix: * It was found that when using remote logging with log4j socket server the log4j server would deserialize any log event received via TCP or UDP. An attacker could use this flaw to send a specia ... oval:org.secpod.oval:def:604851 It was discovered that the SocketServer class included in apache-log4j1.2, a logging library for java, is vulnerable to deserialization of untrusted data. An attacker can take advantage of this flaw to execute arbitrary code in the context of the logger application by sending a specially crafted log ... oval:org.secpod.oval:def:62986 The host is installed with Oracle WebLogic Server component in Oracle WebLogic Server 10.3.6.0, 12.1.3.0, or 12.2.1.3 and is prone to an unspecified vulnerability. A flaw is present in the application, which fails to properly handle Console (Apache Log4j). Successful exploitation can cause unspecifi ... oval:org.secpod.oval:def:705618 apache-log4j1.2: Java-based open-source logging tool Apache Log4j could be made to remotely execute arbitrary code if it received specially crafted log data. oval:org.secpod.oval:def:64142 It was discovered that the SocketServer class included in liblog4j1.2-java, a logging library for java, is vulnerable to deserialization of untrusted data. An attacker can take advantage of this flaw to execute arbitrary code in the context of the logger application by sending a specially crafted lo ... oval:org.secpod.oval:def:63013 The host is installed with Oracle WebLogic Server component in Oracle WebLogic Server through 10.3.6.0, 12.1.3.0, or 12.2.1.3 and is prone to an unspecified vulnerability. A flaw is present in the application, which fails to properly handle Console (Apache Log4j). Successful exploitation can cause u ... oval:org.secpod.oval:def:204601 Log4j is a tool to help the programmer output log statements to a variety of output targets. Security Fix: * It was found that when using remote logging with log4j socket server the log4j server would deserialize any log event received via TCP or UDP. An attacker could use this flaw to send a specia ... oval:org.secpod.oval:def:89043575 This update for log4j fixes the following issues: - CVE-2019-17571: Fixed a remote code execution by deserialization of untrusted data in SocketServer . oval:org.secpod.oval:def:63025 The host is installed with Oracle WebLogic Server component in Oracle WebLogic Server 10.3.6.0, 12.1.3.0, or 12.2.1.3 and is prone to an unspecified vulnerability. A flaw is present in the application, which fails to properly handle Console (Apache Log4j). Successful exploitation can cause unspecifi ... oval:org.secpod.oval:def:67103 apache-log4j1.2: Java-based open-source logging tool Apache Log4j could be made to remotely execute arbitrary code if it received specially crafted log data. oval:org.secpod.oval:def:97647 [CLSA-2022:1655843011] Fixed CVE-2019-17571 in log4j oval:org.secpod.oval:def:1700806 A flaw was found in the Java logging library Apache Log4j in version 1.x . This allows a remote attacker to execute code on the server if the deployed application is configured to use JMSAppender. This flaw has been filed for Log4j 1.x, the corresponding flaw information for Log4j 2.x is available a ... |