Log4j 1.2 includes a SocketServer class that deserializes untrusted data. When it is run to listen on the network for log data from clients that are not trusted, anyone who can reach the port can send a serialized object which, combined with a deserialization gadget chain present on the classpath, executes arbitrary code remotely. This affects Log4j versions 1.2 through 1.2.17.
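The first question a practitioner asks about an advisory like this is which jars on a host fall in the affected range and still carry the affected class. The script below is an added example written for this page, not code from the Log4j project: it inspects a jar's entry list and metadata and classifies it against the range stated above (1.2 through 1.2.17). It assumes the metadata layout of the Apache log4j 1.2.x jars (an `Implementation-Version` header in `META-INF/MANIFEST.MF` and a `META-INF/maven/log4j/log4j/pom.properties`); the companion `org.apache.log4j.net.SocketNode` class, which receives the objects for each accepted connection in the 1.2 code base, is my addition and is not mentioned on the page. The sample jars are constructed inline so the script runs offline.

```python
import io
import re
import zipfile
from dataclasses import dataclass
from typing import Optional, Tuple

# Jar entries the check looks for. SocketServer is the class named in the
# advisory; SocketNode is the per-connection reader it spawns in the 1.2
# code base (assumption from the 1.2 sources, not stated on the page).
# Logger.class is used only to recognise a Log4j 1.x jar at all.
LOG4J1_MARKER = "org/apache/log4j/Logger.class"
SOCKET_SERVER = "org/apache/log4j/net/SocketServer.class"
SOCKET_NODE = "org/apache/log4j/net/SocketNode.class"
MANIFEST = "META-INF/MANIFEST.MF"
POM_PROPERTIES = "META-INF/maven/log4j/log4j/pom.properties"  # assumed layout
FIRST_AFFECTED = (1, 2)
LAST_AFFECTED = (1, 2, 17)


@dataclass
class Finding:
    is_log4j1: bool
    version: Optional[str]
    ships_socket_server: bool
    vulnerable: bool
    reason: str


def parse_version(text: str) -> Optional[Tuple[int, ...]]:
    """'1.2.17' -> (1, 2, 17); '1.2' -> (1, 2); anything else -> None."""
    m = re.fullmatch(r"(\d+)\.(\d+)(?:\.(\d+))?", text.strip())
    if not m:
        return None
    return tuple(int(g) for g in m.groups() if g is not None)


def _read_version(zf: zipfile.ZipFile) -> Optional[str]:
    """Version from Maven pom.properties first, then the jar manifest."""
    names = set(zf.namelist())
    if POM_PROPERTIES in names:
        for line in zf.read(POM_PROPERTIES).decode("utf-8", "replace").splitlines():
            if line.startswith("version="):
                return line.split("=", 1)[1].strip()
    if MANIFEST in names:
        text = zf.read(MANIFEST).decode("utf-8", "replace")
        m = re.search(r"^Implementation-Version:\s*(\S+)", text, re.MULTILINE)
        if m:
            return m.group(1)
    return None


def assess_jar_bytes(data: bytes) -> Finding:
    """Classify one jar (as bytes) against the advisory's affected range."""
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        names = set(zf.namelist())
        if LOG4J1_MARKER not in names:
            return Finding(False, None, False, False, "not a Log4j 1.x jar")
        version = _read_version(zf)
        ships = SOCKET_SERVER in names or SOCKET_NODE in names
    if not ships:
        return Finding(True, version, False, False,
                       "SocketServer/SocketNode absent; affected code path not shipped")
    parsed = parse_version(version) if version else None
    if parsed is None:
        return Finding(True, version, True, True, "version unknown; treat as affected")
    if parsed[:2] == FIRST_AFFECTED and parsed <= LAST_AFFECTED:
        return Finding(True, version, True, True, f"{version} is within 1.2 .. 1.2.17")
    return Finding(True, version, True, False,
                   f"{version} is outside the advisory's stated range")


def assess_jar(path: str) -> Finding:
    """Convenience wrapper for a jar on disk."""
    with open(path, "rb") as fh:
        return assess_jar_bytes(fh.read())


def make_sample_jar(version: Optional[str], with_socket_server: bool = True,
                    log4j: bool = True) -> bytes:
    """Constructed test jar: real entry names, placeholder class bodies."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr(LOG4J1_MARKER if log4j else "com/example/Unrelated.class",
                    b"\xca\xfe\xba\xbe")
        if with_socket_server:
            zf.writestr(SOCKET_SERVER, b"\xca\xfe\xba\xbe")
            zf.writestr(SOCKET_NODE, b"\xca\xfe\xba\xbe")
        if version is not None:
            zf.writestr(MANIFEST, f"Manifest-Version: 1.0\r\nImplementation-Version: {version}\r\n")
            zf.writestr(POM_PROPERTIES, f"version={version}\n")
    return buf.getvalue()


if __name__ == "__main__":
    samples = {
        "log4j-1.2.17.jar": make_sample_jar("1.2.17"),
        "log4j-1.2.17-stripped.jar": make_sample_jar("1.2.17", with_socket_server=False),
        "log4j-unknown.jar": make_sample_jar(None),
        "other.jar": make_sample_jar("3.0.0", with_socket_server=False, log4j=False),
    }
    for name, data in samples.items():
        print(name, assess_jar_bytes(data))
```

The "stripped" case reflects a common interim mitigation where upgrading is not possible: deleting `org/apache/log4j/net/SocketServer.class` and `SocketNode.class` from the jar removes the listener entirely. Presence of the class is only half the picture, though; the bug is reachable only when something actually runs SocketServer on a port that untrusted hosts can reach, so pair this inventory with a check of listening processes. Log4j 1.2 is end-of-life, so the durable fix is to move off it; as defence in depth on the JVM, a process-wide deserialization filter (`-Djdk.serialFilter=...`, available since Java 9 and backported to 8) limits which classes any `ObjectInputStream` in the process may instantiate.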
CVSS v3.1 base score 9.8 (Critical), vector CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

| CVSS v3.1 metric | Value |
|---|---|
| Attack Vector | NETWORK |
| Attack Complexity | LOW |
| Privileges Required | NONE |
| User Interaction | NONE |
| Scope | UNCHANGED |
| Confidentiality Impact | HIGH |
| Integrity Impact | HIGH |
| Availability Impact | HIGH |
CVSS v2 base score 7.5 (High), vector AV:N/AC:L/Au:N/C:P/I:P/A:P

| CVSS v2 metric | Value |
|---|---|
| Access Vector | NETWORK |
| Access Complexity | LOW |
| Authentication | NONE |
| Confidentiality Impact | PARTIAL |
| Integrity Impact | PARTIAL |
| Availability Impact | PARTIAL |
| Source | Type | Weakness |
|---|---|---|
| [email protected] | Primary | CWE-502 Deserialization of Untrusted Data |
| [email protected] | Secondary | CWE-502 Deserialization of Untrusted Data |
| 134c704f-9b21-4f2e-91b3-4a467353bcc0 | Secondary | CWE-502 Deserialization of Untrusted Data |
| Vendor | Product | Version | Update | Type |
|---|---|---|---|---|
| apache | log4j | * | * | Application |
| debian | debian_linux | 8.0 | * | Operating System |
| debian | debian_linux | 9.0 | * | Operating System |
| debian | debian_linux | 10.0 | * | Operating System |
| canonical | ubuntu_linux | 18.04 | * | Operating System |
| opensuse | leap | 15.1 | * | Operating System |
| netapp | oncommand_system_manager | * | * | Application |
| netapp | oncommand_workflow_automation | - | * | Application |
| oracle | application_testing_suite | 13.3.0.1 | * | Application |
| oracle | communications_network_integrity | * | * | Application |
| oracle | endeca_information_discovery_studio | 3.2.0 | * | Application |
| oracle | financial_services_lending_and_leasing | * | * | Application |
| oracle | financial_services_lending_and_leasing | 12.5.0 | * | Application |
| oracle | mysql_enterprise_monitor | * | * | Application |
| oracle | primavera_gateway | * | * | Application |
| oracle | rapid_planning | 12.1 | * | Application |
| oracle | rapid_planning | 12.2 | * | Application |
| oracle | retail_extract_transform_and_load | 19.0 | * | Application |
| oracle | retail_service_backbone | 14.1 | * | Application |
| oracle | retail_service_backbone | 15.0 | * | Application |
| oracle | retail_service_backbone | 16.0 | * | Application |
| oracle | weblogic_server | 10.3.6.0.0 | * | Application |
| oracle | weblogic_server | 12.1.3.0.0 | * | Application |
| oracle | weblogic_server | 12.2.1.3.0 | * | Application |
| oracle | weblogic_server | 12.2.1.4.0 | * | Application |
| oracle | weblogic_server | 14.1.1.0.0 | * | Application |
| apache | bookkeeper | * | * | Application |
| Vulnerable | CPE |
|---|---|
| Yes | cpe:2.3:a:apache:log4j:*:*:*:*:*:*:*:* |
| Yes | cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:* |
| Yes | cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:* |
| Yes | cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:* |
| Yes | cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:* |
| Yes | cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:* |
| Yes | cpe:2.3:a:netapp:oncommand_system_manager:*:*:*:*:*:*:*:* |
| Yes | cpe:2.3:a:netapp:oncommand_workflow_automation:-:*:*:*:*:*:*:* |
| Yes | cpe:2.3:a:oracle:application_testing_suite:13.3.0.1:*:*:*:*:*:*:* |
| Yes | cpe:2.3:a:oracle:communications_network_integrity:*:*:*:*:*:*:*:* |
| Yes | cpe:2.3:a:oracle:endeca_information_discovery_studio:3.2.0:*:*:*:*:*:*:* |
| Yes | cpe:2.3:a:oracle:financial_services_lending_and_leasing:*:*:*:*:*:*:*:* |
| Yes | cpe:2.3:a:oracle:financial_services_lending_and_leasing:12.5.0:*:*:*:*:*:*:* |
| Yes | cpe:2.3:a:oracle:mysql_enterprise_monitor:*:*:*:*:*:*:*:* |
| Yes | cpe:2.3:a:oracle:primavera_gateway:*:*:*:*:*:*:*:* |
| Yes | cpe:2.3:a:oracle:rapid_planning:12.1:*:*:*:*:*:*:* |
| Yes | cpe:2.3:a:oracle:rapid_planning:12.2:*:*:*:*:*:*:* |
| Yes | cpe:2.3:a:oracle:retail_extract_transform_and_load:19.0:*:*:*:*:*:*:* |
| Yes | cpe:2.3:a:oracle:retail_service_backbone:14.1:*:*:*:*:*:*:* |
| Yes | cpe:2.3:a:oracle:retail_service_backbone:15.0:*:*:*:*:*:*:* |
| Yes | cpe:2.3:a:oracle:retail_service_backbone:16.0:*:*:*:*:*:*:* |
| Yes | cpe:2.3:a:oracle:weblogic_server:10.3.6.0.0:*:*:*:*:*:*:* |
| Yes | cpe:2.3:a:oracle:weblogic_server:12.1.3.0.0:*:*:*:*:*:*:* |
| Yes | cpe:2.3:a:oracle:weblogic_server:12.2.1.3.0:*:*:*:*:*:*:* |
| Yes | cpe:2.3:a:oracle:weblogic_server:12.2.1.4.0:*:*:*:*:*:*:* |
| Yes | cpe:2.3:a:oracle:weblogic_server:14.1.1.0.0:*:*:*:*:*:*:* |
| Yes | cpe:2.3:a:apache:bookkeeper:*:*:*:*:*:*:*:* |