
Oracle Solaris 11 - ( CVE-2017-5645 )

It was discovered that the SocketServer class included in liblog4j1.2-java, a logging library for Java, is vulnerable to deserialization of untrusted data. An attacker can take advantage of this flaw to execute arbitrary code in the context of the logger application by sending a specially crafted log event.

apache-log4j1.2: Java-based open-source logging tool Apache Log4j could be made to remotely execute arbitrary code if it received specially crafted log data.

[0:1.2.17-17] - Fix remote code execution vulnerability - Resolves: CVE-2021-4104

parfait [0.5.4-4] - Obsolete vulnerable versions of log4j12 when upgrading to parfait 0.5.4-4 [0.5.4-3] - Drop all code explicitly using Log4J

[0:1.2.17-18] - Fix Unsafe deserialization flaw in Chainsaw log viewer - Fix SQL injection when application is configured to use JDBCAppender - Fix remote code execution when application is configured to use JMSSink - Resolves: CVE-2022-23307, CVE-2022-23305, CVE-2022-23302

[0:1.2.14-6.4.1] - Fix remote code execution vulnerability - Resolves: CVE-2021-4104 [Orabug: 33689748]

[0:1.2.14-6.4.2] - Fix CVE-2022-23302, CVE-2022-23305, CVE-2022-23307, CVE-2017-5645 - [Orabug: 33868008] [0:1.2.14-6.4.1] - Fix remote code execution vulnerability - Resolves: CVE-2021-4104 [Orabug: 33689748]

It was found that when using remote logging with log4j socket server the log4j server would deserialize any log event received via TCP or UDP. An attacker could use this flaw to send a specially crafted log event that, during deserialization, would execute arbitrary code in the context of the logger application. A flaw was discovered in Log4j, where a vulnerable SocketServer class may lead to the ...



© SecPod Technologies