CVE-2019-17571

Published on: 12/20/2019 12:00:00 AM UTC

Last Modified on: 12/14/2022 05:50:00 PM UTC

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Certain versions of Bookkeeper from Apache contain the following vulnerability:

Included in Log4j 1.2 is a SocketServer class that is vulnerable to deserialization of untrusted data which can be exploited to remotely execute arbitrary code when combined with a deserialization gadget when listening to untrusted network traffic for log data. This affects Log4j versions up to 1.2 up to 1.2.17.

  • CVE-2019-17571 has been assigned by URL Logo secu[email protected] to track the vulnerability - currently rated as CRITICAL severity.
  • Affected Vendor/Software: URL Logo Apache Software Foundation - Log4j version versions up to 1.2.17

CVSS3 Score: 9.8 - CRITICAL

Attack
Vector
Attack
Complexity
Privileges
Required
User
Interaction
NETWORK LOW NONE NONE
Scope Confidentiality
Impact
Integrity
Impact
Availability
Impact
UNCHANGED HIGH HIGH HIGH

CVSS2 Score: 7.5 - HIGH

Access
Vector
Access
Complexity
Authentication
NETWORK LOW NONE
Confidentiality
Impact
Integrity
Impact
Availability
Impact
PARTIAL PARTIAL PARTIAL

CVE References

Description Tags Link
Pony Mail! lists.apache.org
text/html
URL Logo MLIST [kafka-users] 20210831 Security vulnerabilities in kafka:2.13-2.6.0/2.7.0 docker image
Pony Mail! lists.apache.org
text/html
URL Logo MLIST [kafka-users] 20210901 Re: [EXTERNAL] Re: Security vulnerabilities in kafka:2.13-2.6.0/2.7.0 docker image
Pony Mail! Mailing List
Vendor Advisory
lists.apache.org
text/html
URL Logo MLIST [activemq-issues] 20200122 [jira] [Assigned] (AMQ-7370) log4j 1.2 version used by AMQ 5.15.10 / 5.15.11 is vulnerable to CVE-2019-17571
Pony Mail! lists.apache.org
text/html
URL Logo MLIST [kafka-users] 20210617 vulnerabilities
Pony Mail! lists.apache.org
text/html
URL Logo MLIST [kafka-dev] 20210831 Security vulnerabilities in kafka:2.13-2.6.0/2.7.0 docker image
Pony Mail! Mailing List
Vendor Advisory
lists.apache.org
text/html
URL Logo MLIST [activemq-issues] 20200228 [jira] [Updated] (AMQ-7370) log4j 1.2 version used by AMQ 5.15.10 / 5.15.11 is vulnerable to CVE-2019-17571
Pony Mail! Mailing List
Vendor Advisory
lists.apache.org
text/html
URL Logo MLIST [kafka-jira] 20200625 [GitHub] [kafka] dongjinleekr commented on pull request #7898: KAFKA-9366: please consider upgrade log4j to log4j2 due to critical security problem CVE-2019-17571
Pony Mail! Mailing List
Patch
Vendor Advisory
lists.apache.org
text/html
URL Logo MLIST [zookeeper-commits] 20200504 [zookeeper] branch branch-3.5 updated: ZOOKEEPER-3817: suppress log4j SmtpAppender related CVE-2020-9488
Pony Mail! Mailing List
Vendor Advisory
lists.apache.org
text/html
URL Logo MLIST [hadoop-common-issues] 20200824 [jira] [Created] (HADOOP-17221) Upgrade log4j-1.2.17 to atlassian ( To Adress: CVE-2019-17571)
Pony Mail! Mailing List
Vendor Advisory
lists.apache.org
text/html
URL Logo MLIST [kafka-jira] 20200514 [GitHub] [kafka] jeffhuang26 commented on pull request #7898: KAFKA-9366: please consider upgrade log4j to log4j2 due to critical security problem CVE-2019-17571
Pony Mail! Mailing List
Vendor Advisory
lists.apache.org
text/html
URL Logo MLIST [zookeeper-dev] 20201103 [jira] [Created] (ZOOKEEPER-3990) Log4j 1.2.17 used by zookeeper 3.6.1 is vulnerable to CVE-2019-17571
Pony Mail! Mailing List
Vendor Advisory
lists.apache.org
text/html
URL Logo MLIST [activemq-issues] 20200122 [jira] [Assigned] (AMQ-7372) [9.8] [CVE-2019-17571] [activemq-all] [5.15.10]
Pony Mail! Mailing List
Vendor Advisory
lists.apache.org
text/html
URL Logo MLIST [tika-dev] 20200106 [jira] [Commented] (TIKA-3019) [9.8] [CVE-2019-17571] [tika-app] [1.23]
Pony Mail! Mailing List
Vendor Advisory
lists.apache.org
text/html
URL Logo MLIST [kafka-jira] 20200624 [GitHub] [kafka] dongjinleekr commented on pull request #7898: KAFKA-9366: please consider upgrade log4j to log4j2 due to critical security problem CVE-2019-17571
Pony Mail! Mailing List
Vendor Advisory
lists.apache.org
text/html
URL Logo MLIST [kafka-jira] 20200105 [jira] [Updated] (KAFKA-9366) please consider upgrade log4j to log4j2 due to critical security problem CVE-2019-17571
Pony Mail! Mailing List
Patch
Vendor Advisory
lists.apache.org
text/html
URL Logo MLIST [zookeeper-commits] 20200118 [zookeeper] branch master updated: ZOOKEEPER-3677: owasp checker failing for - CVE-2019-17571 Apache Log4j 1.2 deserialization of untrusted data in SocketServer
Pony Mail! Mailing List
Vendor Advisory
lists.apache.org
text/html
URL Logo MLIST [zookeeper-issues] 20200118 [jira] [Resolved] (ZOOKEEPER-3677) owasp checker failing for - CVE-2019-17571 Apache Log4j 1.2 deserialization of untrusted data in SocketServer
Pony Mail! lists.apache.org
text/html
URL Logo MLIST [bookkeeper-issues] 20211017 [GitHub] [bookkeeper] eolivelli commented on a change in pull request #2816: Issue 2815: Upgrade to log4j2 to get rid of CVE-2019-17571
Pony Mail! lists.apache.org
text/html
URL Logo MLIST [bookkeeper-issues] 20211007 [GitHub] [bookkeeper] RaulGracia commented on pull request #2816: Issue 2815: Upgrade to log4j2 to get rid of CVE-2019-17571
Pony Mail! Mailing List
Vendor Advisory
lists.apache.org
text/html
URL Logo MLIST [hadoop-common-issues] 20200824 [jira] [Commented] (HADOOP-17221) update log4j-1.2.17 to atlassian version( To Address: CVE-2019-17571)
Pony Mail! Mailing List
Vendor Advisory
lists.apache.org
text/html
URL Logo MLIST [kafka-jira] 20200105 [jira] [Created] (KAFKA-9366) please consider upgrade log4j to log4j2 due to critical security problem CVE-2019-17571
Oracle Critical Patch Update Advisory - July 2020 Third Party Advisory
www.oracle.com
text/html
URL Logo MISC www.oracle.com/security-alerts/cpujul2020.html
Pony Mail! Mailing List
Vendor Advisory
lists.apache.org
text/html
URL Logo MLIST [activemq-issues] 20200127 [jira] [Commented] (AMQ-7370) log4j 1.2 version used by AMQ 5.15.10 / 5.15.11 is vulnerable to CVE-2019-17571
Pony Mail! Mailing List
Vendor Advisory
lists.apache.org
text/html
URL Logo MLIST [kafka-jira] 20200106 [jira] [Commented] (KAFKA-9366) please consider upgrade log4j to log4j2 due to critical security problem CVE-2019-17571
Oracle Critical Patch Update Advisory - April 2022 www.oracle.com
text/html
URL Logo MISC www.oracle.com/security-alerts/cpuapr2022.html
Pony Mail! Mailing List
Vendor Advisory
lists.apache.org
text/html
URL Logo MLIST [mina-dev] 20210225 [jira] [Created] (FTPSERVER-500) Security vulnerability in common/lib/log4j-1.2.17.jar
Pony Mail! Mailing List
Vendor Advisory
lists.apache.org
text/html
URL Logo MLIST [hadoop-common-dev] 20200824 [jira] [Created] (HADOOP-17221) Upgrade log4j-1.2.17 to atlassian ( To Adress: CVE-2019-17571)
Pony Mail! Mailing List
Vendor Advisory
lists.apache.org
text/html
URL Logo MLIST [tika-dev] 20200111 Re: [jira] [Commented] (TIKA-3018) log4j 1.2 version used by Apache Tika 1.23 is vulnerable to CVE-2019-17571
Pony Mail! lists.apache.org
text/html
URL Logo MLIST [bookkeeper-issues] 20211006 [GitHub] [bookkeeper] eolivelli commented on a change in pull request #2816: Issue 2815: Upgrade to log4j2 to get rid of CVE-2019-17571
Pony Mail! Mailing List
Vendor Advisory
lists.apache.org
text/html
URL Logo MLIST [tika-dev] 20200108 [jira] [Commented] (TIKA-3019) [9.8] [CVE-2019-17571] [tika-app] [1.23]
Pony Mail! Mailing List
Vendor Advisory
lists.apache.org
text/html
URL Logo MLIST [pulsar-commits] 20201215 [GitHub] [pulsar] yanshuchong opened a new issue #8967: CVSS issue list
[security-announce] openSUSE-SU-2020:0051-1: important: Security update Mailing List
Third Party Advisory
lists.opensuse.org
text/html
URL Logo SUSE openSUSE-SU-2020:0051
Pony Mail! Vendor Advisory
lists.apache.org
text/html
URL Logo MLIST [zookeeper-dev] 20200107 [jira] [Created] (ZOOKEEPER-3677) owasp checker failing for - CVE-2019-17571 Apache Log4j 1.2 deserialization of untrusted data in SocketServer
Pony Mail! Mailing List
Vendor Advisory
lists.apache.org
text/html
URL Logo MLIST [zookeeper-issues] 20201103 [jira] [Resolved] (ZOOKEEPER-3990) Log4j 1.2.17 used by zookeeper 3.6.1 is vulnerable to CVE-2019-17571
Pony Mail! Mailing List
Vendor Advisory
lists.apache.org
text/html
URL Logo MLIST [zookeeper-issues] 20200108 [jira] [Assigned] (ZOOKEEPER-3677) owasp checker failing for - CVE-2019-17571 Apache Log4j 1.2 deserialization of untrusted data in SocketServer
Pony Mail! Mailing List
Vendor Advisory
lists.apache.org
text/html
URL Logo MLIST [bookkeeper-issues] 20200729 [GitHub] [bookkeeper] padma81 opened a new issue #2387: Security vulnerabilities in the apache/bookkeeper-4.9.2 image
Pony Mail! Mailing List
Vendor Advisory
lists.apache.org
text/html
URL Logo MLIST [kafka-jira] 20200106 [jira] [Assigned] (KAFKA-9366) please consider upgrade log4j to log4j2 due to critical security problem CVE-2019-17571
Pony Mail! Mailing List
Vendor Advisory
lists.apache.org
text/html
URL Logo MLIST [hadoop-common-issues] 20200824 [jira] [Assigned] (HADOOP-17221) Upgrade log4j-1.2.17 to atlassian ( To Adress: CVE-2019-17571)
Pony Mail! Mailing List
Vendor Advisory
lists.apache.org
text/html
URL Logo MLIST [tika-dev] 20200107 [jira] [Commented] (TIKA-3019) [9.8] [CVE-2019-17571] [tika-app] [1.23]
Pony Mail! lists.apache.org
text/html
URL Logo MLIST [portals-pluto-dev] 20210629 [jira] [Updated] (PLUTO-787) Migrate from Log4J and SLF4J dependencies due to CVE-2019-17571
Pony Mail! lists.apache.org
text/html
URL Logo MLIST [bookkeeper-issues] 20211006 [GitHub] [bookkeeper] RaulGracia opened a new pull request #2816: Issue 2815: Upgrade to log4j2 to get rid of CVE-2019-17571
Pony Mail! Mailing List
Vendor Advisory
lists.apache.org
text/html
URL Logo MLIST [zookeeper-notifications] 20200118 [GitHub] [zookeeper] asfgit closed pull request #1209: ZOOKEEPER-3677 owasp checker failing for - CVE-2019-17571 Apache Log4j 1.2 deserialization of untrusted data in SocketServer
Pony Mail! Mailing List
Vendor Advisory
lists.apache.org
text/html
URL Logo MLIST [zookeeper-issues] 20200108 [jira] [Updated] (ZOOKEEPER-3677) owasp checker failing for - CVE-2019-17571 Apache Log4j 1.2 deserialization of untrusted data in SocketServer
Pony Mail! Mailing List
Vendor Advisory
lists.apache.org
text/html
URL Logo MLIST [tika-dev] 20200110 [jira] [Commented] (TIKA-3019) [9.8] [CVE-2019-17571] [tika-app] [1.23]
Pony Mail! lists.apache.org
text/html
URL Logo MLIST [bookkeeper-issues] 20211007 [GitHub] [bookkeeper] RaulGracia commented on a change in pull request #2816: Issue 2815: Upgrade to log4j2 to get rid of CVE-2019-17571
Pony Mail! Mailing List
Vendor Advisory
lists.apache.org
text/html
URL Logo MLIST [zookeeper-issues] 20200129 [jira] [Updated] (ZOOKEEPER-3677) owasp checker failing for - CVE-2019-17571 Apache Log4j 1.2 deserialization of untrusted data in SocketServer
Pony Mail! lists.apache.org
text/html
URL Logo MLIST [bookkeeper-issues] 20211017 [GitHub] [bookkeeper] zymap commented on pull request #2816: Issue 2815: Upgrade to log4j2 to get rid of CVE-2019-17571
Pony Mail! lists.apache.org
text/html
URL Logo MLIST [kafka-dev] 20210901 Re: [EXTERNAL] Re: Security vulnerabilities in kafka:2.13-2.6.0/2.7.0 docker image
Pony Mail! Mailing List
Vendor Advisory
lists.apache.org
text/html
URL Logo MLIST [kafka-jira] 20210211 [GitHub] [kafka] ch4rl353y commented on pull request #7898: KAFKA-9366: Change log4j dependency into log4j2
Pony Mail! Mailing List
Vendor Advisory
lists.apache.org
text/html
URL Logo MLIST [kafka-users] 20210210 Security: CVE-2019-17571 (log4j)
Pony Mail! Mailing List
Vendor Advisory
lists.apache.org
text/html
URL Logo MLIST [tika-dev] 20200111 [jira] [Closed] (TIKA-3018) log4j 1.2 version used by Apache Tika 1.23 is vulnerable to CVE-2019-17571
Pony Mail! Mailing List
Vendor Advisory
lists.apache.org
text/html
URL Logo MLIST [tika-dev] 20191226 [jira] [Created] (TIKA-3018) log4j 1.2 version used by Apache Tika 1.23 is vulnerable to CVE-2019-17571
Pony Mail! Mailing List
Vendor Advisory
lists.apache.org
text/html
URL Logo MLIST [activemq-issues] 20200730 [jira] [Commented] (AMQ-7370) log4j 1.2 version used by AMQ 5.15.10 / 5.15.11 is vulnerable to CVE-2019-17571
Pony Mail! lists.apache.org
text/html
URL Logo MLIST [activemq-users] 20210830 Security issues
Pony Mail! Mailing List
Vendor Advisory
lists.apache.org
text/html
URL Logo MLIST [activemq-issues] 20200122 [jira] [Resolved] (AMQ-7372) [9.8] [CVE-2019-17571] [activemq-all] [5.15.10]
Pony Mail! Mailing List
Patch
Vendor Advisory
lists.apache.org
text/html
URL Logo MLIST [zookeeper-commits] 20200118 [zookeeper] branch branch-3.5 updated: ZOOKEEPER-3677: owasp checker failing for - CVE-2019-17571 Apache Log4j 1.2 deserialization of untrusted data in SocketServer
Debian -- Security Information -- DSA-4686-1 apache-log4j1.2 Third Party Advisory
www.debian.org
Depreciated Link
text/html
URL Logo DEBIAN DSA-4686
Pony Mail! Mailing List
Vendor Advisory
lists.apache.org
text/html
URL Logo MLIST [zookeeper-issues] 20200107 [jira] [Commented] (ZOOKEEPER-3677) owasp checker failing for - CVE-2019-17571 Apache Log4j 1.2 deserialization of untrusted data in SocketServer
Pony Mail! lists.apache.org
text/html
URL Logo MLIST [bookkeeper-issues] 20211013 [GitHub] [bookkeeper] eolivelli commented on pull request #2816: Issue 2815: Upgrade to log4j2 to get rid of CVE-2019-17571
Pony Mail! Mailing List
Vendor Advisory
lists.apache.org
text/html
URL Logo MLIST [zookeeper-user] 20200201 Re: Zookeeper 3.5.6 supports log4j 2.x?
Pony Mail! lists.apache.org
text/html
URL Logo MLIST [tinkerpop-dev] 20210316 [jira] [Created] (TINKERPOP-2534) Log4j flagged as critical security violation
Pony Mail! Vendor Advisory
lists.apache.org
text/html
URL Logo MLIST [tika-dev] 20200115 [jira] [Commented] (TIKA-3019) [9.8] [CVE-2019-17571] [tika-app] [1.23]
Pony Mail! lists.apache.org
text/html
URL Logo MLIST [portals-pluto-dev] 20210629 [jira] [Updated] (PLUTO-787) Migrate from Log4j 1.x to Log4j 2.x due to CVE-2019-17571
Pony Mail! lists.apache.org
text/html
URL Logo MLIST [portals-pluto-scm] 20210629 [portals-pluto] branch master updated: PLUTO-787 Migrate from Log4j 1.x to Log4j 2.x due to CVE-2019-17571
USN-4495-1: Apache Log4j vulnerability | Ubuntu security notices | Ubuntu Mailing List
Vendor Advisory
usn.ubuntu.com
text/html
URL Logo UBUNTU USN-4495-1
Pony Mail! Mailing List
Vendor Advisory
lists.apache.org
text/html
URL Logo MLIST [kafka-jira] 20200602 [GitHub] [kafka] dongjinleekr commented on pull request #7898: KAFKA-9366: please consider upgrade log4j to log4j2 due to critical security problem CVE-2019-17571
Pony Mail! Mailing List
Vendor Advisory
lists.apache.org
text/html
URL Logo MLIST [activemq-issues] 20200122 [jira] [Updated] (AMQ-7370) log4j 1.2 version used by AMQ 5.15.10 / 5.15.11 is vulnerable to CVE-2019-17571
[SECURITY] [DLA 2065-1] apache-log4j1.2 security update Mailing List
Third Party Advisory
lists.debian.org
text/html
URL Logo MLIST [debian-lts-announce] 20200112 [SECURITY] [DLA 2065-1] apache-log4j1.2 security update
Pony Mail! Mailing List
Vendor Advisory
lists.apache.org
text/html
URL Logo MLIST [activemq-issues] 20200228 [jira] [Commented] (AMQ-7370) log4j 1.2 version used by AMQ 5.15.10 / 5.15.11 is vulnerable to CVE-2019-17571
Pony Mail! Mailing List
Vendor Advisory
lists.apache.org
text/html
URL Logo MLIST [activemq-issues] 20200122 [jira] [Updated] (AMQ-7372) [9.8] [CVE-2019-17571] [activemq-all] [5.15.10]
Pony Mail! Mailing List
Vendor Advisory
lists.apache.org
text/html
URL Logo MLIST [hadoop-common-issues] 20200824 [jira] [Updated] (HADOOP-17221) update log4j-1.2.17 to atlassian version( To Address: CVE-2019-17571)
Pony Mail! Mailing List
Vendor Advisory
lists.apache.org
text/html
URL Logo CONFIRM lists.apache.org/thread.html/eea03d504b36e8f870e8321d908e1def1addda16adda04327fe7c125%40%3Cdev.logging.apache.org%3E
Pony Mail! lists.apache.org
text/html
URL Logo MLIST [activemq-users] 20210831 RE: Security issues
Pony Mail! lists.apache.org
text/html
URL Logo MLIST [activemq-users] 20210427 Re: Release date for ActiveMQ v5.16.2 to fix CVEs
Pony Mail! Mailing List
Vendor Advisory
lists.apache.org
text/html
URL Logo MLIST [tika-dev] 20191226 [jira] [Commented] (TIKA-3018) log4j 1.2 version used by Apache Tika 1.23 is vulnerable to CVE-2019-17571
Pony Mail! Mailing List
Vendor Advisory
lists.apache.org
text/html
URL Logo MLIST [druid-commits] 20200406 [GitHub] [druid] ccaominh commented on issue #9579: Add Apache Ranger Authorization
Pony Mail! Mailing List
Vendor Advisory
lists.apache.org
text/html
URL Logo MLIST [activemq-issues] 20200228 [jira] [Resolved] (AMQ-7370) log4j 1.2 version used by AMQ 5.15.10 / 5.15.11 is vulnerable to CVE-2019-17571
Pony Mail! Mailing List
Vendor Advisory
lists.apache.org
text/html
URL Logo MLIST [kafka-jira] 20200107 [jira] [Updated] (KAFKA-9366) please consider upgrade log4j to log4j2 due to critical security problem CVE-2019-17571
Pony Mail! Mailing List
Vendor Advisory
lists.apache.org
text/html
URL Logo MLIST [activemq-issues] 20191230 [jira] [Created] (AMQ-7372) [9.8] [CVE-2019-17571] [activemq-all] [5.15.10]
Pony Mail! lists.apache.org
text/html
URL Logo MLIST [bookkeeper-issues] 20211007 [GitHub] [bookkeeper] eolivelli commented on a change in pull request #2816: Issue 2815: Upgrade to log4j2 to get rid of CVE-2019-17571
Pony Mail! Mailing List
Vendor Advisory
lists.apache.org
text/html
URL Logo MLIST [zookeeper-issues] 20200107 [jira] [Created] (ZOOKEEPER-3677) owasp checker failing for - CVE-2019-17571 Apache Log4j 1.2 deserialization of untrusted data in SocketServer
Pony Mail! Mailing List
Vendor Advisory
lists.apache.org
text/html
URL Logo MLIST [kafka-jira] 20200529 [GitHub] [kafka] ijuma commented on pull request #7898: KAFKA-9366: please consider upgrade log4j to log4j2 due to critical security problem CVE-2019-17571
Pony Mail! lists.apache.org
text/html
URL Logo MLIST [bookkeeper-issues] 20211006 [GitHub] [bookkeeper] RaulGracia opened a new issue #2815: Upgrade to log4j2 to get rid of CVE-2019-17571
Pony Mail! Mailing List
Patch
Vendor Advisory
lists.apache.org
text/html
URL Logo MLIST [zookeeper-commits] 20200504 [zookeeper] branch master updated: ZOOKEEPER-3817: suppress log4j SmtpAppender related CVE-2020-9488
Pony Mail! Mailing List
Vendor Advisory
lists.apache.org
text/html
URL Logo MLIST [zookeeper-dev] 20200118 Build failed in Jenkins: zookeeper-master-maven-owasp #329
Pony Mail! Mailing List
Vendor Advisory
lists.apache.org
text/html
URL Logo MLIST [hadoop-common-issues] 20200824 [jira] [Comment Edited] (HADOOP-17221) update log4j-1.2.17 to atlassian version( To Address: CVE-2019-17571)
Pony Mail! Mailing List
Patch
Vendor Advisory
lists.apache.org
text/html
URL Logo MLIST [zookeeper-commits] 20200504 [zookeeper] branch branch-3.6 updated: ZOOKEEPER-3817: suppress log4j SmtpAppender related CVE-2020-9488
Pony Mail! Vendor Advisory
lists.apache.org
text/html
URL Logo MLIST [tika-dev] 20200114 [jira] [Commented] (TIKA-3019) [9.8] [CVE-2019-17571] [tika-app] [1.23]
Pony Mail! Mailing List
Vendor Advisory
lists.apache.org
text/html
URL Logo MLIST [zookeeper-notifications] 20200108 [GitHub] [zookeeper] eolivelli opened a new pull request #1209: ZOOKEEPER-3677 owasp checker failing for - CVE-2019-17571 Apache Log4j 1.2 deserialization of untrusted data in SocketServer
Pony Mail! lists.apache.org
text/html
URL Logo MLIST [hadoop-common-issues] 20211006 [jira] [Commented] (HADOOP-17221) update log4j-1.2.17 to atlassian version( To Address: CVE-2019-17571)
Oracle Critical Patch Update Advisory - April 2020 Third Party Advisory
www.oracle.com
text/html
URL Logo N/A N/A
Pony Mail! Mailing List
Vendor Advisory
lists.apache.org
text/html
URL Logo MLIST [logging-log4j-user] 20200224 Apache Log4j - Migration activity to 2.12.1 version - Request to support for the queries posted
Pony Mail! lists.apache.org
text/html
URL Logo MLIST [bookkeeper-issues] 20211016 [GitHub] [bookkeeper] pkumar-singh commented on a change in pull request #2816: Issue 2815: Upgrade to log4j2 to get rid of CVE-2019-17571
Pony Mail! lists.apache.org
text/html
URL Logo MLIST [activemq-users] 20210427 Release date for ActiveMQ v5.16.2 to fix CVEs
Pony Mail! Mailing List
Vendor Advisory
lists.apache.org
text/html
URL Logo MLIST [hadoop-common-issues] 20200824 [jira] [Comment Edited] (HADOOP-17221) update log4j-1.2.17 to atlassian version( To Adress: CVE-2019-17571)
Pony Mail! lists.apache.org
text/html
URL Logo MLIST [bookkeeper-issues] 20211018 [GitHub] [bookkeeper] RaulGracia commented on pull request #2816: Issue 2815: Upgrade to log4j2 to get rid of CVE-2019-17571
Pony Mail! Mailing List
Vendor Advisory
lists.apache.org
text/html
URL Logo MLIST [activemq-issues] 20200208 [jira] [Commented] (AMQ-7370) log4j 1.2 version used by AMQ 5.15.10 / 5.15.11 is vulnerable to CVE-2019-17571
Pony Mail! lists.apache.org
text/html
URL Logo MLIST [kafka-dev] 20210611 Re: [DISCUSS] KIP-719: Add Log4J2 Appender
Pony Mail! Mailing List
Vendor Advisory
lists.apache.org
text/html
URL Logo MLIST [zookeeper-issues] 20201103 [jira] [Created] (ZOOKEEPER-3990) Log4j 1.2.17 used by zookeeper 3.6.1 is vulnerable to CVE-2019-17571
Pony Mail! Mailing List
Vendor Advisory
lists.apache.org
text/html
URL Logo MLIST [zookeeper-issues] 20200108 [jira] [Commented] (ZOOKEEPER-3677) owasp checker failing for - CVE-2019-17571 Apache Log4j 1.2 deserialization of untrusted data in SocketServer
CVE-2019-17571 Apache Log4j Vulnerability in NetApp Products | NetApp Product Security Third Party Advisory
security.netapp.com
text/html
URL Logo CONFIRM security.netapp.com/advisory/ntap-20200110-0001/
Pony Mail! Mailing List
Vendor Advisory
lists.apache.org
text/html
URL Logo MLIST [jena-dev] 20200318 Re: Logging (JENA-1005)
Pony Mail! lists.apache.org
text/html
URL Logo MLIST [portals-pluto-dev] 20210629 [jira] [Closed] (PLUTO-787) Migrate from Log4j 1.x to Log4j 2.x due to CVE-2019-17571
Pony Mail! Mailing List
Patch
Vendor Advisory
lists.apache.org
text/html
URL Logo MLIST [zookeeper-commits] 20200118 [zookeeper] branch branch-3.6 updated: ZOOKEEPER-3677: owasp checker failing for - CVE-2019-17571 Apache Log4j 1.2 deserialization of untrusted data in SocketServer
Oracle Critical Patch Update Advisory - July 2022 www.oracle.com
text/html
URL Logo MISC www.oracle.com/security-alerts/cpujul2022.html
Oracle Critical Patch Update Advisory - April 2021 www.oracle.com
text/html
URL Logo MISC www.oracle.com/security-alerts/cpuApr2021.html
Pony Mail! Mailing List
Vendor Advisory
lists.apache.org
text/html
URL Logo MLIST [hadoop-common-issues] 20200824 [jira] [Updated] (HADOOP-17221) update log4j-1.2.17 to atlassian version( To Adress: CVE-2019-17571)
Pony Mail! Mailing List
Vendor Advisory
lists.apache.org
text/html
URL Logo MLIST [tika-dev] 20191230 [jira] [Created] (TIKA-3019) [9.8] [CVE-2019-17571] [tika-app] [1.23]
Pony Mail! lists.apache.org
text/html
URL Logo MLIST [bookkeeper-commits] 20211014 [bookkeeper] branch master updated: Issue 2815: Upgrade to log4j2 to get rid of CVE-2019-17571 (#2816)
Pony Mail! Mailing List
Vendor Advisory
lists.apache.org
text/html
URL Logo MLIST [hadoop-common-issues] 20200824 [jira] [Commented] (HADOOP-17221) Upgrade log4j-1.2.17 to atlassian ( To Adress: CVE-2019-17571)
Pony Mail! Mailing List
Vendor Advisory
lists.apache.org
text/html
URL Logo MLIST [tika-dev] 20200111 [jira] [Resolved] (TIKA-3018) log4j 1.2 version used by Apache Tika 1.23 is vulnerable to CVE-2019-17571
Pony Mail! Mailing List
Vendor Advisory
lists.apache.org
text/html
URL Logo MLIST [activemq-issues] 20191226 [jira] [Created] (AMQ-7370) log4j 1.2 version used by AMQ 5.15.10 / 5.15.11 is vulnerable to CVE-2019-17571
Pony Mail! Mailing List
Vendor Advisory
lists.apache.org
text/html
URL Logo MLIST [kafka-dev] 20200105 [jira] [Created] (KAFKA-9366) please consider upgrade log4j to log4j2 due to critical security problem CVE-2019-17571

Related QID Numbers

  • 199275 Ubuntu Security Notification for Apache Log4j Vulnerabilities (USN-5998-1)
  • 353112 Amazon Linux Security Advisory for log4j : ALAS-2022-1562
  • 372577 IBM Spectrum Control (Tivoli Storage Productivity Center) Apache Log4j vulnerability (1488939)
  • 980407 Java (maven) Security Update for log4j:log4j (GHSA-2qrg-x229-3v8q)

Exploit/POC from Github

Environment for CVE_2019_17571

Known Affected Configurations (CPE V2.3)

Type Vendor Product Version Update Edition Language
ApplicationApacheBookkeeperAllAllAllAll
ApplicationApacheLog4jAllAllAllAll
Operating
System
CanonicalUbuntu Linux18.04AllAllAll
Operating
System
CanonicalUbuntu Linux18.04AllAllAll
Operating
System
DebianDebian Linux10.0AllAllAll
Operating
System
DebianDebian Linux8.0AllAllAll
Operating
System
DebianDebian Linux9.0AllAllAll
Operating
System
DebianDebian Linux10.0AllAllAll
Operating
System
DebianDebian Linux8.0AllAllAll
Operating
System
DebianDebian Linux9.0AllAllAll
ApplicationNetappOncommand System ManagerAllAllAllAll
ApplicationNetappOncommand Workflow Automation-AllAllAll
ApplicationNetappOncommand Workflow Automation-AllAllAll
Operating
System
OpensuseLeap15.1AllAllAll
Operating
System
OpensuseLeap15.1AllAllAll
ApplicationOracleApplication Testing Suite13.3.0.1AllAllAll
ApplicationOracleApplication Testing Suite13.3.0.1AllAllAll
ApplicationOracleCommunications Network IntegrityAllAllAllAll
ApplicationOracleEndeca Information Discovery Studio3.2.0AllAllAll
ApplicationOracleEndeca Information Discovery Studio3.2.0AllAllAll
ApplicationOracleFinancial Services Lending And Leasing12.5.0AllAllAll
ApplicationOracleFinancial Services Lending And Leasing12.5.0AllAllAll
ApplicationOracleFinancial Services Lending And LeasingAllAllAllAll
ApplicationOracleMysql Enterprise MonitorAllAllAllAll
ApplicationOraclePrimavera GatewayAllAllAllAll
ApplicationOraclePrimavera GatewayAllAllAllAll
ApplicationOracleRapid Planning12.1AllAllAll
ApplicationOracleRapid Planning12.2AllAllAll
ApplicationOracleRapid Planning12.1AllAllAll
ApplicationOracleRapid Planning12.2AllAllAll
ApplicationOracleRetail Extract Transform And Load19.0AllAllAll
ApplicationOracleRetail Extract Transform And Load19.0AllAllAll
ApplicationOracleRetail Service Backbone14.1AllAllAll
ApplicationOracleRetail Service Backbone15.0AllAllAll
ApplicationOracleRetail Service Backbone16.0AllAllAll
ApplicationOracleRetail Service Backbone14.1AllAllAll
ApplicationOracleRetail Service Backbone15.0AllAllAll
ApplicationOracleRetail Service Backbone16.0AllAllAll
ApplicationOracleWeblogic Server10.3.6.0.0AllAllAll
ApplicationOracleWeblogic Server12.1.3.0.0AllAllAll
ApplicationOracleWeblogic Server12.2.1.3.0AllAllAll
ApplicationOracleWeblogic Server12.2.1.4.0AllAllAll
ApplicationOracleWeblogic Server14.1.1.0.0AllAllAll
ApplicationOracleWeblogic Server10.3.6.0.0AllAllAll
ApplicationOracleWeblogic Server12.1.3.0.0AllAllAll
ApplicationOracleWeblogic Server12.2.1.3.0AllAllAll
ApplicationOracleWeblogic Server12.2.1.4.0AllAllAll
ApplicationOracleWeblogic Server14.1.1.0.0AllAllAll
  • cpe:2.3:a:apache:bookkeeper:*:*:*:*:*:*:*:*:
  • cpe:2.3:a:apache:log4j:*:*:*:*:*:*:*:*:
  • cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*:
  • cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*:
  • cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*:
  • cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*:
  • cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*:
  • cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*:
  • cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*:
  • cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*:
  • cpe:2.3:a:netapp:oncommand_system_manager:*:*:*:*:*:*:*:*:
  • cpe:2.3:a:netapp:oncommand_workflow_automation:-:*:*:*:*:*:*:*:
  • cpe:2.3:a:netapp:oncommand_workflow_automation:-:*:*:*:*:*:*:*:
  • cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*:
  • cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*:
  • cpe:2.3:a:oracle:application_testing_suite:13.3.0.1:*:*:*:*:*:*:*:
  • cpe:2.3:a:oracle:application_testing_suite:13.3.0.1:*:*:*:*:*:*:*:
  • cpe:2.3:a:oracle:communications_network_integrity:*:*:*:*:*:*:*:*:
  • cpe:2.3:a:oracle:endeca_information_discovery_studio:3.2.0:*:*:*:*:*:*:*:
  • cpe:2.3:a:oracle:endeca_information_discovery_studio:3.2.0:*:*:*:*:*:*:*:
  • cpe:2.3:a:oracle:financial_services_lending_and_leasing:12.5.0:*:*:*:*:*:*:*:
  • cpe:2.3:a:oracle:financial_services_lending_and_leasing:12.5.0:*:*:*:*:*:*:*:
  • cpe:2.3:a:oracle:financial_services_lending_and_leasing:*:*:*:*:*:*:*:*:
  • cpe:2.3:a:oracle:mysql_enterprise_monitor:*:*:*:*:*:*:*:*:
  • cpe:2.3:a:oracle:primavera_gateway:*:*:*:*:*:*:*:*:
  • cpe:2.3:a:oracle:primavera_gateway:*:*:*:*:*:*:*:*:
  • cpe:2.3:a:oracle:rapid_planning:12.1:*:*:*:*:*:*:*:
  • cpe:2.3:a:oracle:rapid_planning:12.2:*:*:*:*:*:*:*:
  • cpe:2.3:a:oracle:rapid_planning:12.1:*:*:*:*:*:*:*:
  • cpe:2.3:a:oracle:rapid_planning:12.2:*:*:*:*:*:*:*:
  • cpe:2.3:a:oracle:retail_extract_transform_and_load:19.0:*:*:*:*:*:*:*:
  • cpe:2.3:a:oracle:retail_extract_transform_and_load:19.0:*:*:*:*:*:*:*:
  • cpe:2.3:a:oracle:retail_service_backbone:14.1:*:*:*:*:*:*:*:
  • cpe:2.3:a:oracle:retail_service_backbone:15.0:*:*:*:*:*:*:*:
  • cpe:2.3:a:oracle:retail_service_backbone:16.0:*:*:*:*:*:*:*:
  • cpe:2.3:a:oracle:retail_service_backbone:14.1:*:*:*:*:*:*:*:
  • cpe:2.3:a:oracle:retail_service_backbone:15.0:*:*:*:*:*:*:*:
  • cpe:2.3:a:oracle:retail_service_backbone:16.0:*:*:*:*:*:*:*:
  • cpe:2.3:a:oracle:weblogic_server:10.3.6.0.0:*:*:*:*:*:*:*:
  • cpe:2.3:a:oracle:weblogic_server:12.1.3.0.0:*:*:*:*:*:*:*:
  • cpe:2.3:a:oracle:weblogic_server:12.2.1.3.0:*:*:*:*:*:*:*:
  • cpe:2.3:a:oracle:weblogic_server:12.2.1.4.0:*:*:*:*:*:*:*:
  • cpe:2.3:a:oracle:weblogic_server:14.1.1.0.0:*:*:*:*:*:*:*:
  • cpe:2.3:a:oracle:weblogic_server:10.3.6.0.0:*:*:*:*:*:*:*:
  • cpe:2.3:a:oracle:weblogic_server:12.1.3.0.0:*:*:*:*:*:*:*:
  • cpe:2.3:a:oracle:weblogic_server:12.2.1.3.0:*:*:*:*:*:*:*:
  • cpe:2.3:a:oracle:weblogic_server:12.2.1.4.0:*:*:*:*:*:*:*:
  • cpe:2.3:a:oracle:weblogic_server:14.1.1.0.0:*:*:*:*:*:*:*:

Social Mentions

Source Title Posted (UTC)
Twitter Icon @pottrsec Critical CVE updated: CVE-2019-17571 #SocketServer "Included in Log4j 1.2 is a SocketServer class that is vulnerab… twitter.com/i/web/status/1… 2021-10-14 21:00:00
Twitter Icon @GenKa_232 なんでLog4j1.xを気にするのだろう…。 もし居るならCVE-2019-17571とか放置されてるから今に始まったことじゃない。 いるかもしれない理論はやり切れないね。 2021-12-10 06:12:14
Twitter Icon @kazup0n @_ryskit cvedetails.com/cve/CVE-2019-1… これ 2021-12-10 09:16:14
Twitter Icon @kazup0n log4j 1.2系には別の脆弱性あるのでアップデートしましょう cvedetails.com/cve/CVE-2019-1… 2021-12-10 09:16:56
Twitter Icon @_S00pY @C1ar3nce_ @GossiTheDog It is PoC for cvedetails.com/cve/CVE-2019-1… 2021-12-10 13:05:30
Twitter Icon @Darkarnium @C1ar3nce_ @GossiTheDog Ah @_S00pY mentioned it below! Agreed, it looks to me like an exploit for CVE-2019-17571 :) 2021-12-10 13:35:21
Twitter Icon @joe3barrera @_rglx @di_v_erge 2019 2021-12-10 13:43:22
Twitter Icon @mima_ita log4j1.x系の場合、バージョンアップつらそうだなぁ...と思ったけど、そもそも、別のセキュリティホールがあるので、CVE-2019-17571の時点でlog4j2.xに上がっているはずだし、このリスクを許容しているなら今回も… twitter.com/i/web/status/1… 2021-12-10 14:19:07
Twitter Icon @MikeStucka @jeremybowers @ElectProject Deja vu all over again? ubuntu.com/security/CVE-2… 2021-12-10 15:28:46
Twitter Icon @HermanBovens @CodeBosw8r Welja, die is al meer dan 6 jaar end of life, de vulnerability cvedetails.com/cve/CVE-2019-1… die daar in zit… twitter.com/i/web/status/1… 2021-12-10 17:06:53
Twitter Icon @ozuma5119 @pwntester This is CVE-2019-17571. Java安全之log4j反序列化漏洞分析: cnblogs.com/nice0e3/p/1453… 2021-12-10 17:48:17
Twitter Icon @stek29 @timinbrum @tjhorner Are you referring to github.com/nice0e3/log4j_…? It might be about CVE-2019-17571, not CVE-2021-44228 2021-12-10 18:11:22
Twitter Icon @pwntester Ok, scratch that it seems that was for CVE-2019-17571 phewww twitter.com/pwntester/stat… 2021-12-10 18:22:47
Twitter Icon @NinanReuben 2021-12-10 18:57:06
Twitter Icon @xranby @FiLiS @lattera log4j 1.2 - 1.2.17 users -> cvedetails.com/cve/CVE-2019-1… 2021-12-10 22:11:11
Twitter Icon @ZacShaiken @ceki @WietseWind Ah seems like a different issue I'm looking at: "CVE-2019-17571: For Apache log4j versions from… twitter.com/i/web/status/1… 2021-12-10 23:14:41
Twitter Icon @mima_ita @gokou_kotori ありがとうございます。その場合すでにCVE-2019-17571にひっかかりそうですね。 2021-12-11 01:18:35
Twitter Icon @mobiuscog @brunoborges That is likely related to 2021-12-11 09:14:01
Twitter Icon @80vul No! No! No! The vulnerability in this project is CVE-2019-17571, source: cnblogs.com/nice0e3/p/1453… It is not the curr… twitter.com/i/web/status/1… 2021-12-11 14:40:13
Twitter Icon @Har_sia CVE-2019-17571 har-sia.info/CVE-2019-17571… #HarsiaInfo 2021-12-11 15:01:07
Twitter Icon @thiloginkel @robert_we In letzterem steckt dann CVE-2019-17571 drin ? 2021-12-11 16:42:41
Twitter Icon @cveiche @dinodaizovi very different bug (cve-2019-17571) 2021-12-11 17:42:49
Twitter Icon @marcwrogers @brunoborges Different older log4j vuln. its CVE-2019-17571 2021-12-11 21:57:48
Twitter Icon @marcwrogers Everyone retweeting github.com/nice0e3/log4j_… please note it is an older vuln, CVE-2019-17571 not the current CVE-2021-44228. 2021-12-11 22:00:48
Twitter Icon @08ae027a @ZKP8128 @eastdakota That exploit is for an older vulnerability, CVE-2019-17571: Source: cnblogs.com/nice0e3/p/1453… 2021-12-12 01:04:55
Twitter Icon @AndyVic14 @ceki @nipafx @xeraa Thanks Ceki, I have only one remark: Log4J v1 has CVE-2019-17571 that is critical and extremel… twitter.com/i/web/status/1… 2021-12-12 07:52:11
Twitter Icon @tbroyer @hsivonen Wrt Log4j 1.x: cvedetails.com/cve/CVE-2019-1… 2021-12-12 13:21:32
Twitter Icon @rahuly26 @AndyVic14 @ceki @nipafx @xeraa Hi Andy, Could you please share, how can we fix Log4J v1 CVE-2019-17571? 2021-12-12 14:20:28
Twitter Icon @AndyVic14 @sirsquishy79 @KillSwitchX7 @AlyssaM_InfoSec It seems to me that this POC is related to CVE-2019-17571 that affects Log4J v1. 2021-12-12 15:50:49
Twitter Icon @Turowski is latest #qradar vulnerable to both CVE-2019-17571 and CVE-2021-44228? #log4j #log4shell https://t.co/eLNuSPClH3 2021-12-12 22:06:18
Twitter Icon @thesp0nge If you're using log4j 1.x, and you shouldn't do that, make sure you're not vulnerable to 2021-12-13 09:30:17
Twitter Icon @ydroneaud @follc @zwindler "Version 1 of log4j is vulnerable to other RCE attacks (like CVE-2019-17571), and if you're using… twitter.com/i/web/status/1… 2021-12-13 13:04:44
Twitter Icon @ghostlyric log4j脆弱性問題。週明けの今日、開発担当に確認すると、log4j1.x系なので脆弱性の影響なしとのこと。安堵するとともに、それでいいのかという気持ち。twitter上では、CVE-2019-17571という重大な脆弱性を抱えているとの指摘あり。うーん、どうしますかね。 2021-12-13 13:53:12
Twitter Icon @fluepke @giantwallaby Das ist ein PoC für eine alte unter cvedetails.com/cve/CVE-2019-1… bekannte Schwachstelle. 2021-12-13 16:52:28
Twitter Icon @fluepke @andreasdotorg Auch bekannt als cvedetails.com/cve/CVE-2019-1… 2021-12-13 16:53:34
Twitter Icon @fluepke @da_667 It's an old exploit for an old vulnerability in old software cvedetails.com/cve/CVE-2019-1… This is not related to #Log4Shell 2021-12-13 16:55:27
Twitter Icon @CostinCozianu @shehackspurple cvedetails.com/cve/CVE-2019-1… Unlike the current one where most configs are vulnerable by default, the 1… twitter.com/i/web/status/1… 2021-12-13 16:56:14
Twitter Icon @secc_mo @vavkamil @netbroom This PoC is for CVE-2019-17571 ;) 2021-12-13 19:46:31
Twitter Icon @thacybermaniac @fakesmirkz @ShadowM82 Not the best idea: cvedetails.com/cve/CVE-2019-1… 2021-12-13 20:09:55
Twitter Icon @JBPlatform Mentioned CVE-2019-17571 is not directly related to the CVE-2021-44228 discovered lately, but since we use an older… twitter.com/i/web/status/1… 2021-12-13 21:05:25
Twitter Icon @0xC0LIN .@GreyNoiseIO have you seen any upticks in traffic related to CVE-2019-17571? (RCE present in log4j 1.2-1.2.17) 2021-12-13 21:13:03
Twitter Icon @BertieBrink 2019 version 1.2? 2021-12-13 22:51:05
Twitter Icon @Mofu_Master log4j 1.x は比較的影響が少ない、って胸をなでおろしてる人がいたら CVE-2019-17571(CVSS 9.8) github.com/advisories/GHS… こんなのとかもあるから安心するのはまだ早いぜベイベェ… twitter.com/i/web/status/1… 2021-12-14 02:04:01
Twitter Icon @sporri @stridergdm @SQLServer 2021-12-14 15:08:16
Twitter Icon @DirkHondong @fatherjack @sporri @SQLServer Hi Jonathan It is 1.2.17 but as sporry mentioned: Also: it… twitter.com/i/web/status/1… 2021-12-14 15:18:07
Twitter Icon @mikeymikey @zoocoup For example: CVE-2019-17571 is a deserialization attack - one of the nastiest things you can see in Java b… twitter.com/i/web/status/1… 2021-12-14 15:51:00
Twitter Icon @RahulGoswami02 @ceki @mdhardeman @thejonmccoy Is this an explanation for CVE-2019-17571 ?() There is limite… twitter.com/i/web/status/1… 2021-12-14 17:32:41
Twitter Icon @bvanvelsen @kpellegr *kuch cvedetails.com/cve/CVE-2019-1… 2021-12-14 18:17:16
Twitter Icon @OpenPrunus @hdjebar Sûr ? 2021-12-14 19:42:03
Twitter Icon @Guile44 @bortzmeyer Je n'ai trouvé que celle là qui affecte la v1, CVSS de 7.5 quand même ! cvedetails.com/cve/CVE-2019-1… 2021-12-14 20:31:02
Twitter Icon @llehmann_ @cyb3rops @Securityblog @Atlassian So they should be vulnerable to which is rated with 9.8 Critical via CVSS 3 2021-12-15 08:31:19
Twitter Icon @SecuriteInfoCom Paid subscriptions now detect CVE-2019-17571 and CVE-2021-44228 vulnerable files. You can now scan your servers for… twitter.com/i/web/status/1… 2021-12-16 09:16:14
Twitter Icon @anthonykava .@rroobbiinn FMAudit has shipped with #log4j 1.2 (CVE-2019-17571 not #Log4Shell) as part of Spring which doesn't us… twitter.com/i/web/status/1… 2021-12-16 17:53:56
Twitter Icon @GitPushAll @rickhanlonii If you've already been attacked via CVE-2019-17571 you've got the antibodies. 2021-12-16 22:11:00
Twitter Icon @hpbaxter @backbase hello, from what I see backbase 5.9 is not vulnerable to #LOG4J CVE-2021-44228 but what about CVE-2019-17571? thnaks 2021-12-17 08:34:44
Twitter Icon @ByQwert @ov3rflow1 @walter_bhai @fs0c131y CVE-2019-17571 2021-12-17 10:59:51
Twitter Icon @KorbenD_Intel @TheHackersNews CVE-2019-17571 (CVSS score 7.5) 2021-12-18 19:50:36
Twitter Icon @lukebailiff @Dick_Reverse @cyb3rops I think you are not accounting for CVE-2019-17571 in the v1 section of the mind map. It is… twitter.com/i/web/status/1… 2021-12-19 13:23:13
Twitter Icon @OpenPrunus @PykPyky @Keruspe Non. 2021-12-19 20:59:34
Twitter Icon @5M7X @pwntester Did an analysis together with a friend and it is Log4j1.2.16 via CVE-2019-17571. Funny tho the toolkit c… twitter.com/i/web/status/1… 2021-12-19 22:13:34
Twitter Icon @fpientka Interessting discussion about #log4j 1.2.17 EOL move out of incubator or git to fix open cves CVE-2019-17571 CVE-20… twitter.com/i/web/status/1… 2021-12-22 09:08:59
Twitter Icon @eingfoan @Dick_Reverse should we include cvedetails.com/cve/CVE-2019-1… in the chart? 2021-12-22 09:09:15
Twitter Icon @fpientka @grobmeier @TheASF There are still open cves in log4j1 CVE-2019-17571 CVE-2021-4104 and the log4j2 compatibility wrapper is not sufficient 2021-12-22 14:37:38
Twitter Icon @thomasmechen @isotopp cvedetails.com/cve/CVE-2019-1… 2021-12-23 11:30:29
Twitter Icon @fpientka @jbonofre @rmannibucau @TheASF CVE-2021-4104 CVE-2019-17571 2022-01-08 14:29:30
Twitter Icon @yamadamn とっくにEOLとなったLog4j 1.xに影響を与えるCVEを公開したとのこと。 CVE-2019-17571 CVE-2020-9488 CVE-2021-4104 CVE-2022-23302 CVE-2022-23305 C… twitter.com/i/web/status/1… 2022-01-19 11:43:16
Reddit Logo Icon /r/qztray QZTray and log4j (CVE-2019-17571, CVE-2021-44228) 2021-12-14 16:38:16
Reddit Logo Icon /r/QRadar How after this long????????? Due to use of Apache Log4j, IBM QRadar SIEM is affected by arbitrary code execution 2022-10-27 14:25:03
© CVE.report 2023 Twitter Nitter Twitter Viewer |

Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.

CVE, CWE, and OVAL are registred trademarks of The MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. This site includes MITRE data granted under the following license.

CVE.report and Source URL Uptime Status status.cve.report