[Forgot Password]
Login  Register Subscribe

24128

 
 

131573

 
 

111017

 
 

909

 
 

86402

 
 

136

Paid content will be excluded from the download.


Download | Alert*
OVAL

RHSA-2017:2423-01 -- Redhat log4j

ID: oval:org.secpod.oval:def:502118Date: (C)2017-08-08   (M)2018-07-19
Class: PATCHFamily: unix




Log4j is a tool to help the programmer output log statements to a variety of output targets. Security Fix: * It was found that when using remote logging with log4j socket server the log4j server would deserialize any log event received via TCP or UDP. An attacker could use this flaw to send a specially crafted log event that, during deserialization, would execute arbitrary code in the context of the logger application

Platform:
Red Hat Enterprise Linux 7
Product:
log4j
Reference:
RHSA-2017:2423-01
CVE-2017-5645
CVE    1
CVE-2017-5645
CPE    29
cpe:/a:apache:log4j
cpe:/o:redhat:enterprise_linux:7
cpe:/a:apache:log4j:2.2
cpe:/a:apache:log4j:2.3
...

© SecPod Technologies