[Forgot Password]
Login  Register Subscribe

24003

 
 

131423

 
 

103942

 
 

909

 
 

83962

 
 

133

Paid content will be excluded from the download.


Download | Alert*
OVAL

RHSA-2017:2423-01 -- Redhat log4j

ID: oval:org.secpod.oval:def:502118Date: (C)2017-08-08   (M)2018-01-27
Class: PATCHFamily: unix




Log4j is a tool to help the programmer output log statements to a variety of output targets. Security Fix: * It was found that when using remote logging with log4j socket server the log4j server would deserialize any log event received via TCP or UDP. An attacker could use this flaw to send a specially crafted log event that, during deserialization, would execute arbitrary code in the context of the logger application

Platform:
Red Hat Enterprise Linux 7
Product:
log4j
Reference:
RHSA-2017:2423-01
CVE-2017-5645
CVE    1
CVE-2017-5645
CPE    29
cpe:/o:redhat:enterprise_linux:7
cpe:/a:apache:log4j
cpe:/a:apache:log4j:2.2
cpe:/a:apache:log4j:2.3
...

© 2013 SecPod Technologies