Download
| Alert*
oval:org.secpod.oval:def:78648
The host is installed with Apache Log4j 2.0.x through 2.16.0 (excluding security releases 2.3.1 and 2.12.3) and is prone to a denial of service vulnerability. A flaw is present in the application, which fails to properly handle issue in the logging configuration when it uses a non-default Pattern La ... oval:org.secpod.oval:def:78162 apache-log4j2: Apache Log4j - Logging Framework for Java Several security issues were fixed in Apache Log4j 2. oval:org.secpod.oval:def:76608 The host is installed with Apache Log4j 2.0.x through 2.16.0 (excluding security releases 2.3.1 and 2.12.3) and is prone to a denial of service vulnerability. A flaw is present in the application, which fails to properly handle issue in the logging configuration when it uses a non-default Pattern La ... oval:org.secpod.oval:def:605712 It was found that Apache Log4j2, a Logging Framework for Java, did not protect from uncontrolled recursion from self-referential lookups. When the logging configuration uses a non-default Pattern Layout with a Context Lookup , attackers with control over Thread Context Map input data can craft mali ... oval:org.secpod.oval:def:706256 apache-log4j2: Apache Log4j - Logging Framework for Java Apache Log4j 2 could be made to crash if it received specially crafted input. oval:org.secpod.oval:def:76503 It was found that Apache Log4j2, a Logging Framework for Java, did not protect from uncontrolled recursion from self-referential lookups. When the logging configuration uses a non-default Pattern Layout with a Context Lookup , attackers with control over Thread Context Map input data can craft mali ... oval:org.secpod.oval:def:76502 apache-log4j2: Apache Log4j - Logging Framework for Java Apache Log4j 2 could be made to crash if it received specially crafted input. oval:org.secpod.oval:def:121371 Log4j is a tool to help the programmer output log statements to a variety of output targets. oval:org.secpod.oval:def:121373 Log4j is a tool to help the programmer output log statements to a variety of output targets. oval:org.secpod.oval:def:1700792 A flaw was found in the Apache Log4j logging library 2.x. when the logging configuration uses a non-default Pattern Layout with a Context Lookup. Attackers with control over Thread Context Map input data can craft malicious input data that contains a recursive lookup and can cause Denial of Service oval:org.secpod.oval:def:706274 apache-log4j2: Apache Log4j - Logging Framework for Java Several security issues were fixed in Apache Log4j 2. |