Lucene search

Veracode Vulnerability DatabaseVERACODE:12485

HistoryJan 15, 2019 - 9:17 a.m.

Remote Code Execution (RCE)

2019-01-1509:17:41

Veracode Vulnerability Database

sca.analysiscenter.veracode.com

0.874 High

EPSS

Percentile

98.7%

JSON

log4j is vulnerable to remote code execution (RCE). A malicious user can pass a malicious binary to the system that when deserialized, executes arbitrary code. This only affects applications that are using the TCP socket server or the UDP socket server to receive log events from another application.

CPENameOperatorVersion
rh-java-common-log4jeq1.2.17__15.14.el7
rh-java-common-log4jeq1.2.17__15.14.el6
jboss-as-process-controllereq7.5.16__1.Final_redhat_1.1.ep6.el7
jboss-as-process-controllereq7.5.1__2.Final_redhat_3.1.ep6.el6
jboss-as-process-controllereq7.4.1__2.Final_redhat_3.1.ep6.el6
jboss-as-process-controllereq7.5.4__2.Final_redhat_4.1.ep6.el5
jboss-as-process-controllereq7.5.13__2.Final_redhat_2.1.ep6.el7
jboss-as-process-controllereq7.5.3__1.Final_redhat_2.1.ep6.el6
jboss-as-process-controllereq7.5.3__1.Final_redhat_2.1.ep6.el7
jboss-as-process-controllereq7.5.2__2.Final_redhat_2.1.ep6.el5

Name	Operator	Version
rh-java-common-log4j	eq	1.2.17__15.14.el7
rh-java-common-log4j	eq	1.2.17__15.14.el6
jboss-as-process-controller	eq	7.5.16__1.Final_redhat_1.1.ep6.el7
jboss-as-process-controller	eq	7.5.1__2.Final_redhat_3.1.ep6.el6
jboss-as-process-controller	eq	7.4.1__2.Final_redhat_3.1.ep6.el6
jboss-as-process-controller	eq	7.5.4__2.Final_redhat_4.1.ep6.el5
jboss-as-process-controller	eq	7.5.13__2.Final_redhat_2.1.ep6.el7
jboss-as-process-controller	eq	7.5.3__1.Final_redhat_2.1.ep6.el6
jboss-as-process-controller	eq	7.5.3__1.Final_redhat_2.1.ep6.el7
jboss-as-process-controller	eq	7.5.2__2.Final_redhat_2.1.ep6.el5

Rows per page:

1-10 of 57191

References

www.openwall.com/lists/oss-security/2019/12/19/2

www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html

www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html

www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html

www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html

www.securityfocus.com/bid/97702

www.securitytracker.com/id/1040200

www.securitytracker.com/id/1041294

access.redhat.com/errata/RHSA-2017:1417

access.redhat.com/errata/RHSA-2017:1801

access.redhat.com/errata/RHSA-2017:1802

access.redhat.com/errata/RHSA-2017:2423

access.redhat.com/errata/RHSA-2017:2633

access.redhat.com/errata/RHSA-2017:2635

access.redhat.com/errata/RHSA-2017:2636

access.redhat.com/errata/RHSA-2017:2637

access.redhat.com/errata/RHSA-2017:2638

access.redhat.com/errata/RHSA-2017:2808

access.redhat.com/errata/RHSA-2017:2809

access.redhat.com/errata/RHSA-2017:2810

access.redhat.com/errata/RHSA-2017:2811

access.redhat.com/errata/RHSA-2017:2888

access.redhat.com/errata/RHSA-2017:2889

access.redhat.com/errata/RHSA-2017:3244

access.redhat.com/errata/RHSA-2017:3399

access.redhat.com/errata/RHSA-2017:3400

access.redhat.com/errata/RHSA-2019:1545

access.redhat.com/security/updates/classification/#important

issues.apache.org/jira/browse/LOG4J2-1863

lists.apache.org/thread.html/0dcca05274d20ef2d72584edcf8c917bbb13dbbd7eb35cae909d02e9@%3Cdev.logging.apache.org%3E

lists.apache.org/thread.html/277b4b5c2b0e06a825ccec565fa65bd671f35a4d58e3e2ec5d0618e1@%3Cdev.tika.apache.org%3E

lists.apache.org/thread.html/44491fb9cc19acc901f7cff34acb7376619f15638439416e3e14761c@%3Cdev.tika.apache.org%3E

lists.apache.org/thread.html/479471e6debd608c837b9815b76eab24676657d4444fcfd5ef96d6e6@%3Cdev.tika.apache.org%3E

lists.apache.org/thread.html/6114ce566200d76e3cc45c521a62c2c5a4eac15738248f58a99f622c@%3Cissues.activemq.apache.org%3E

lists.apache.org/thread.html/84cc4266238e057b95eb95dfd8b29d46a2592e7672c12c92f68b2917@%3Cannounce.apache.org%3E

lists.apache.org/thread.html/8ab32b4c9f1826f20add7c40be08909de9f58a89dc1de9c09953f5ac@%3Cissues.activemq.apache.org%3E

lists.apache.org/thread.html/9317fd092b257a0815434b116a8af8daea6e920b6673f4fd5583d5fe@%3Ccommits.druid.apache.org%3E

lists.apache.org/thread.html/e8fb7d76a244ee997ba4b217d6171227f7c2521af8c7c5b16cba27bc@%3Cdev.logging.apache.org%3E

lists.apache.org/thread.html/eea03d504b36e8f870e8321d908e1def1addda16adda04327fe7c125@%3Cdev.logging.apache.org%3E

lists.apache.org/thread.html/r0831e2e52a390758ce39a6193f82c11c295175adce6e6307de28c287@%3Cissues.beam.apache.org%3E

lists.apache.org/thread.html/r18f1c010b554a3a2d761e8ffffd8674fd4747bcbcf16c643d708318c@%3Cissues.activemq.apache.org%3E

lists.apache.org/thread.html/r1b103833cb5bc8466e24ff0ecc5e75b45a705334ab6a444e64e840a0@%3Cissues.bookkeeper.apache.org%3E

lists.apache.org/thread.html/r23369fd603eb6d62d3b883a0a28d12052dcbd1d6d531137124cd7f83@%3Cgithub.beam.apache.org%3E

lists.apache.org/thread.html/r2ce8d26154bea939536e6cf27ed02d3192bf5c5d04df885a80fe89b3@%3Cissues.activemq.apache.org%3E

lists.apache.org/thread.html/r2ff63f210842a3c5e42f03a35d8f3a345134d073c80a04077341c211@%3Cissues.activemq.apache.org%3E

lists.apache.org/thread.html/r3784834e80df2f284577a5596340fb84346c91a2dea6a073e65e3397@%3Cissues.activemq.apache.org%3E

lists.apache.org/thread.html/r3a85514a518f3080ab1fc2652cfe122c2ccf67cfb32356acb1b08fe8@%3Cdev.tika.apache.org%3E

lists.apache.org/thread.html/r3d666e4e8905157f3c046d31398b04f2bfd4519e31f266de108c6919@%3Cissues.activemq.apache.org%3E

lists.apache.org/thread.html/r4b25538be50126194cc646836c718b1a4d8f71bd9c912af5b59134ad@%3Cdev.tika.apache.org%3E

lists.apache.org/thread.html/r61590890edcc64140e0c606954b29a063c3d08a2b41d447256d51a78@%3Cissues.activemq.apache.org%3E

lists.apache.org/thread.html/r681b4432d0605f327b68b9f8a42662993e699d04614de4851c35ffd1@%3Cdev.tika.apache.org%3E

lists.apache.org/thread.html/r746fbc3fc13aee292ae6851f7a5080f592fa3a67b983c6887cdb1fc5@%3Cdev.tika.apache.org%3E

lists.apache.org/thread.html/r7bcdc710857725c311b856c0b82cee6207178af5dcde1bd43d289826@%3Cissues.activemq.apache.org%3E

lists.apache.org/thread.html/r94b5aae09c4bcff5d06cf641be17b00bd83ba7e10cad737bf16a1b8f@%3Cgithub.beam.apache.org%3E

lists.apache.org/thread.html/r9d5c1b558a15d374bd5abd2d3ae3ca7e50e796a0efdcf91e9c5b4cdd@%3Cgithub.beam.apache.org%3E

lists.apache.org/thread.html/ra38785cfc0e7f17f8e24bebf775dd032c033fadcaea29e5bc9fffc60@%3Cdev.tika.apache.org%3E

lists.apache.org/thread.html/ra9a682bc0a8dff1c5cefdef31c7c25f096d9121207cf2d74e2fc563d@%3Ccommits.logging.apache.org%3E

lists.apache.org/thread.html/raedd12dc24412b3780432bf202a2618a21a727788543e5337a458ead@%3Cissues.activemq.apache.org%3E

lists.apache.org/thread.html/rb1b29aee737e1c37fe1d48528cb0febac4f5deed51f5412e6fdfe2bf@%3Cissues.activemq.apache.org%3E

lists.apache.org/thread.html/rbfa7a0742be4981a3f9356a23d0e1a5f2e1eabde32a1a3d8e41420f8@%3Cgithub.beam.apache.org%3E

lists.apache.org/thread.html/rc1eaed7f7d774d5d02f66e49baced31e04827a1293d61a70bd003ca7@%3Cdev.tika.apache.org%3E

lists.apache.org/thread.html/rca24a281000fb681d7e26e5c031a21eb4b0593a7735f781b53dae4e2@%3Cdev.tika.apache.org%3E

lists.apache.org/thread.html/rcbb79023a7c8494cb389cd3d95420fa9e0d531ece0b780b8c1f99422@%3Ccommits.doris.apache.org%3E

lists.apache.org/thread.html/rd5dbeee4808c0f2b9b51479b50de3cc6adb1072c332a200d9107f13e@%3Cissues.activemq.apache.org%3E

lists.apache.org/thread.html/rdbd579dc223f06af826d7de340218ee2f80d8b43fa7e4decb2a63f44@%3Cgithub.beam.apache.org%3E

lists.apache.org/thread.html/rdec0d8ac1f03e6905b0de2df1d5fcdb98b94556e4f6cccf7519fdb26@%3Cdev.tika.apache.org%3E

lists.apache.org/thread.html/re8c21ed9dd218c217d242ffa90778428e446b082b5e1c29f567e8374@%3Cissues.activemq.apache.org%3E

lists.apache.org/thread.html/rf1bbc0ea4a9f014cf94df9a12a6477d24a27f52741dbc87f2fd52ff2@%3Cissues.geode.apache.org%3E

lists.apache.org/thread.html/rf2567488cfc9212b42e34c6393cfa1c14e30e4838b98dda84d71041f@%3Cdev.tika.apache.org%3E

security.netapp.com/advisory/ntap-20180726-0002/

security.netapp.com/advisory/ntap-20181107-0002/

www.oracle.com/security-alerts/cpuapr2020.html

www.oracle.com/security-alerts/cpuApr2021.html

www.oracle.com/security-alerts/cpujan2020.html

www.oracle.com/security-alerts/cpujan2021.html

www.oracle.com/security-alerts/cpujan2022.html

www.oracle.com/security-alerts/cpujul2020.html

www.oracle.com/security-alerts/cpuoct2020.html

www.oracle.com/security-alerts/cpuoct2021.html

www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html

www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html

www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html

www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html