CVE-2019-17571
CRITICAL (9.8) CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Risk Signal Score: 35/100 (MEDIUM)
- CVSS 9.8 (Critical)
- EPSS 34%
EPSS score: 34% (probability of exploitation within 30 days)
CVSS score: 9.8 (technical severity)
Description
Log4j 1.2 includes a SocketServer class that is vulnerable to deserialization of untrusted data. When it listens for log data on untrusted network traffic, this can be exploited, in combination with a deserialization gadget, to remotely execute arbitrary code. This affects Log4j versions 1.2 up to and including 1.2.17.
References
- http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00022.html
- https://lists.apache.org/thread.html/277b4b5c2b0e06a825ccec565fa65bd671f35a4d58e...
- https://lists.apache.org/thread.html/44491fb9cc19acc901f7cff34acb7376619f1563843...
- https://lists.apache.org/thread.html/479471e6debd608c837b9815b76eab24676657d4444...
- https://lists.apache.org/thread.html/564f03b4e9511fcba29c68fc0299372dadbdb002718...
- https://lists.apache.org/thread.html/6114ce566200d76e3cc45c521a62c2c5a4eac157382...
- https://lists.apache.org/thread.html/752ec92cd1e334a639e79bfbd689a4ec2c6579ec5bb...
- https://lists.apache.org/thread.html/8ab32b4c9f1826f20add7c40be08909de9f58a89dc1...
- https://lists.apache.org/thread.html/eea03d504b36e8f870e8321d908e1def1addda16add...
- https://lists.apache.org/thread.html/r05755112a8c164abc1004bb44f198b1e3d8ca3d546...