[Forgot Password]
Login  Register Subscribe

30389

 
 

423868

 
 

244411

 
 

909

 
 

193363

 
 

277

Paid content will be excluded from the download.


Download | Alert*
OVAL

RHSA-2017:2423-01 -- Redhat log4j

ID: oval:org.secpod.oval:def:502118Date: (C)2017-08-08   (M)2023-12-26
Class: PATCHFamily: unix




Log4j is a tool to help the programmer output log statements to a variety of output targets. Security Fix: * It was found that when using remote logging with log4j socket server the log4j server would deserialize any log event received via TCP or UDP. An attacker could use this flaw to send a specially crafted log event that, during deserialization, would execute arbitrary code in the context of the logger application

Platform:
Red Hat Enterprise Linux 7
Product:
log4j
Reference:
RHSA-2017:2423-01
CVE-2017-5645
CVE-2019-17571
CVE    2
CVE-2017-5645
CVE-2019-17571
CPE    29
cpe:/a:apache:log4j:2.2
cpe:/a:apache:log4j:2.3
cpe:/a:apache:log4j:2.4
cpe:/a:apache:log4j:2.5
...

© SecPod Technologies