[Forgot Password]
Login  Register Subscribe

23631

 
 

126951

 
 

99602

 
 

909

 
 

80170

 
 

109

Paid content will be excluded from the download.


Download | Alert*
OVAL

RHSA-2017:2423-01 -- Redhat log4j

ID: oval:org.secpod.oval:def:502118Date: (C)2017-08-08   (M)2018-01-05
Class: PATCHFamily: unix




Log4j is a tool to help the programmer output log statements to a variety of output targets. Security Fix: * It was found that when using remote logging with log4j socket server the log4j server would deserialize any log event received via TCP or UDP. An attacker could use this flaw to send a specially crafted log event that, during deserialization, would execute arbitrary code in the context of the logger application

Platform:
Red Hat Enterprise Linux 7
Product:
log4j
Reference:
RHSA-2017:2423-01
CVE-2017-5645
CVE    1
CVE-2017-5645
CPE    29
cpe:/a:apache:log4j
cpe:/a:apache:log4j:2.2
cpe:/a:apache:log4j:2.3
cpe:/a:apache:log4j:2.4
...

© 2013 SecPod Technologies