CVE-2019-17571
Description
Log4j 1.2 includes a SocketServer class that is vulnerable to deserialization of untrusted data. When the class is listening to untrusted network traffic for log data, the flaw can be exploited, in combination with a deserialization gadget, to remotely execute arbitrary code. This affects Log4j versions 1.2 up to 1.2.17.
Risk Information
Base Score
9.8
MODERATE
Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS Score
Exploitation Probability
49.043
Associated Vulnerability
| Vulnerability | OS Platform |
|---|---|
| Multiple vulnerabilities affected in Oracle WebLogic Server 14.1.1.0.0 | Windows |
| Log4j Vulnerability (CVE-2019-17571) | Windows |
| Multiple vulnerabilities are affected in Oracle WebLogic Server 10.3.6.0.0 | Windows |
| Multiple vulnerabilities are affected in Oracle WebLogic Server 12.1.3.0.0 | Windows |
| Multiple vulnerabilities are affected in Oracle WebLogic Server 12.2.1.3.0 | Windows |
| Multiple vulnerabilities are affected in Oracle WebLogic Server 12.2.1.4.0 | Windows |
| Multiple vulnerabilities are affected in Oracle WebLogic Server 14.1.1.0.0 | Windows |
| Multiple Vulnerabilities are affected in Netapp Oncommand Workflow Automation 2.3 | Windows |
| Multiple Vulnerabilities are affected in IBM Sterling B2B Integrator 6.1.0.3 | Windows |
| Multiple Vulnerabilities are affected in IBM Sterling B2B Integrator 6.0.3.4 | Windows |
| Multiple Vulnerabilities are affected in IBM Tivoli Application Dependency Discovery Manager 7.3.0.7 | Windows |
| Multiple Vulnerabilities are affected in IBM App Connect Enterprise 11.0.0.15 | Windows |
| Multiple Vulnerabilities are affected in IBM App Connect Enterprise 12.0.3.0 | Windows |
| Vulnerabilities CVE-2019-17571 are affected in Apache-log4j 1.2.17 | Windows |
| Vulnerabilities CVE-2019-17571 are affected in Zenframework - log4j-1.2.17 2.0 | Windows |
| SUSE-SU-2020:0054-1(SUSE Linux Enterprise Server 12-SP5 ) log4j-1.2.15-126.3.1.noarch.rpm | Linux |
| SUSE-SU-2020:0054-1(SUSE Linux Enterprise Server 12-SP4 ) log4j-1.2.15-126.3.1.noarch_SP4.rpm | Linux |
| Java-based open-source logging tool (USN-4495-1) liblog4j1.2-java_1.2.17-8+deb10u1build0.18.04.1_all.deb | Linux |
| Java-based open-source logging tool (USN-5998-1) liblog4j1.2-java_1.2.17-9ubuntu0.2_all.deb | Linux |
| Java-based open-source logging tool (USN-5998-1) liblog4j1.2-java_1.2.17-8+deb10u1ubuntu0.2_all.deb | Linux |
| Vulnerabilities CVE-2019-17571 are affected in Apache-log4j for Linux 1.2.17 | Linux |
| Vulnerabilities CVE-2019-17571 are affected in Zenframework - log4j-1.2.17 for Linux 2.0 | Linux |
| Deserialization of Untrusted Data Vulnerability (CVE-2019-17571) | NCM |
Patch Details
No records found
References
https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234