CVE-2019-17571
Published on: 12/20/2019 12:00:00 AM UTC
Last Modified on: 12/14/2022 05:50:00 PM UTC
Certain versions of Bookkeeper from Apache contain the following vulnerability:
Log4j 1.2 includes a SocketServer class that deserializes untrusted data. When the SocketServer is listening for log data on untrusted network traffic, this can be combined with a deserialization gadget to remotely execute arbitrary code. This affects Log4j versions from 1.2 up to 1.2.17.
- CVE-2019-17571 has been assigned by secu[email protected] to track the vulnerability; it is currently rated as CRITICAL severity.
- Affected Vendor/Software: Apache Software Foundation - Log4j versions up to 1.2.17
CVSS3 Score: 9.8 - CRITICAL

Attack Vector | Attack Complexity | Privileges Required | User Interaction |
---|---|---|---|
NETWORK | LOW | NONE | NONE |

Scope | Confidentiality Impact | Integrity Impact | Availability Impact |
---|---|---|---|
UNCHANGED | HIGH | HIGH | HIGH |
CVSS2 Score: 7.5 - HIGH

Access Vector | Access Complexity | Authentication |
---|---|---|
NETWORK | LOW | NONE |

Confidentiality Impact | Integrity Impact | Availability Impact |
---|---|---|
PARTIAL | PARTIAL | PARTIAL |
CVE References
Related QID Numbers
- 199275 Ubuntu Security Notification for Apache Log4j Vulnerabilities (USN-5998-1)
- 353112 Amazon Linux Security Advisory for log4j : ALAS-2022-1562
- 372577 IBM Spectrum Control (Tivoli Storage Productivity Center) Apache Log4j vulnerability (1488939)
- 980407 Java (maven) Security Update for log4j:log4j (GHSA-2qrg-x229-3v8q)
Exploit/POC from Github
Environment for CVE_2019_17571
Known Affected Configurations (CPE V2.3)
Type | Vendor | Product | Version | Update | Edition | Language |
---|---|---|---|---|---|---|
Application | Apache | Bookkeeper | All | All | All | All |
Application | Apache | Log4j | All | All | All | All |
Operating System | Canonical | Ubuntu Linux | 18.04 | All | All | All |
Operating System | Debian | Debian Linux | 10.0 | All | All | All |
Operating System | Debian | Debian Linux | 8.0 | All | All | All |
Operating System | Debian | Debian Linux | 9.0 | All | All | All |
Application | Netapp | Oncommand System Manager | All | All | All | All |
Application | Netapp | Oncommand Workflow Automation | - | All | All | All |
Operating System | Opensuse | Leap | 15.1 | All | All | All |
Application | Oracle | Application Testing Suite | 13.3.0.1 | All | All | All |
Application | Oracle | Communications Network Integrity | All | All | All | All |
Application | Oracle | Endeca Information Discovery Studio | 3.2.0 | All | All | All |
Application | Oracle | Financial Services Lending And Leasing | 12.5.0 | All | All | All |
Application | Oracle | Financial Services Lending And Leasing | All | All | All | All |
Application | Oracle | Mysql Enterprise Monitor | All | All | All | All |
Application | Oracle | Primavera Gateway | All | All | All | All |
Application | Oracle | Rapid Planning | 12.1 | All | All | All |
Application | Oracle | Rapid Planning | 12.2 | All | All | All |
Application | Oracle | Retail Extract Transform And Load | 19.0 | All | All | All |
Application | Oracle | Retail Service Backbone | 14.1 | All | All | All |
Application | Oracle | Retail Service Backbone | 15.0 | All | All | All |
Application | Oracle | Retail Service Backbone | 16.0 | All | All | All |
Application | Oracle | Weblogic Server | 10.3.6.0.0 | All | All | All |
Application | Oracle | Weblogic Server | 12.1.3.0.0 | All | All | All |
Application | Oracle | Weblogic Server | 12.2.1.3.0 | All | All | All |
Application | Oracle | Weblogic Server | 12.2.1.4.0 | All | All | All |
Application | Oracle | Weblogic Server | 14.1.1.0.0 | All | All | All |
- cpe:2.3:a:apache:bookkeeper:*:*:*:*:*:*:*:*
- cpe:2.3:a:apache:log4j:*:*:*:*:*:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*
- cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*
- cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*
- cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*
- cpe:2.3:a:netapp:oncommand_system_manager:*:*:*:*:*:*:*:*
- cpe:2.3:a:netapp:oncommand_workflow_automation:-:*:*:*:*:*:*:*
- cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:application_testing_suite:13.3.0.1:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:communications_network_integrity:*:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:endeca_information_discovery_studio:3.2.0:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:financial_services_lending_and_leasing:12.5.0:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:financial_services_lending_and_leasing:*:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:mysql_enterprise_monitor:*:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:primavera_gateway:*:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:rapid_planning:12.1:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:rapid_planning:12.2:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:retail_extract_transform_and_load:19.0:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:retail_service_backbone:14.1:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:retail_service_backbone:15.0:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:retail_service_backbone:16.0:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:weblogic_server:10.3.6.0.0:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:weblogic_server:12.1.3.0.0:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:weblogic_server:12.2.1.3.0:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:weblogic_server:12.2.1.4.0:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:weblogic_server:14.1.1.0.0:*:*:*:*:*:*:*
No vendor comments have been submitted for this CVE
Social Mentions
Title | Posted (UTC) |
---|---|
Critical CVE updated: CVE-2019-17571 #SocketServer "Included in Log4j 1.2 is a SocketServer class that is vulnerab… twitter.com/i/web/status/1… | 2021-10-14 21:00:00 |
Why would anyone worry about Log4j 1.x…? If anyone is still on it, CVE-2019-17571 and the like have been left unaddressed, so this is nothing new. The "there might be someone" theory is exhausting. | 2021-12-10 06:12:14 |
@_ryskit cvedetails.com/cve/CVE-2019-1… This one | 2021-12-10 09:16:14 |
The log4j 1.2 series has a different vulnerability, so update it. cvedetails.com/cve/CVE-2019-1… | 2021-12-10 09:16:56 |
@C1ar3nce_ @GossiTheDog It is PoC for cvedetails.com/cve/CVE-2019-1… | 2021-12-10 13:05:30 |
@C1ar3nce_ @GossiTheDog Ah @_S00pY mentioned it below! Agreed, it looks to me like an exploit for CVE-2019-17571 :) | 2021-12-10 13:35:21 |
@_rglx @di_v_erge 2019 | 2021-12-10 13:43:22 |
I thought upgrading would be painful for those on the log4j 1.x series... but there is a different security hole anyway, so they should already have moved to log4j 2.x at the time of CVE-2019-17571, and if they have accepted that risk then this time too… twitter.com/i/web/status/1… | 2021-12-10 14:19:07 |
@jeremybowers @ElectProject Deja vu all over again? ubuntu.com/security/CVE-2… | 2021-12-10 15:28:46 |
@CodeBosw8r Well yes, that one has been end of life for more than 6 years, the vulnerability cvedetails.com/cve/CVE-2019-1… that is in it… twitter.com/i/web/status/1… | 2021-12-10 17:06:53 |
@pwntester This is CVE-2019-17571. Java security: analysis of the log4j deserialization vulnerability: cnblogs.com/nice0e3/p/1453… | 2021-12-10 17:48:17 |
@timinbrum @tjhorner Are you referring to github.com/nice0e3/log4j_…? It might be about CVE-2019-17571, not CVE-2021-44228 | 2021-12-10 18:11:22 |
Ok, scratch that it seems that was for CVE-2019-17571 phewww twitter.com/pwntester/stat… | 2021-12-10 18:22:47 |
 | 2021-12-10 18:57:06 |
@FiLiS @lattera log4j 1.2 - 1.2.17 users -> cvedetails.com/cve/CVE-2019-1… | 2021-12-10 22:11:11 |
@ceki @WietseWind Ah seems like a different issue I'm looking at: "CVE-2019-17571: For Apache log4j versions from… twitter.com/i/web/status/1… | 2021-12-10 23:14:41 |
@gokou_kotori Thank you. In that case it looks like it would already be caught by CVE-2019-17571. | 2021-12-11 01:18:35 |
@brunoborges That is likely related to | 2021-12-11 09:14:01 |
No! No! No! The vulnerability in this project is CVE-2019-17571, source: cnblogs.com/nice0e3/p/1453… It is not the curr… twitter.com/i/web/status/1… | 2021-12-11 14:40:13 |
CVE-2019-17571 har-sia.info/CVE-2019-17571… #HarsiaInfo | 2021-12-11 15:01:07 |
@robert_we So the latter contains CVE-2019-17571? | 2021-12-11 16:42:41 |
@dinodaizovi very different bug (cve-2019-17571) | 2021-12-11 17:42:49 |
@brunoborges Different older log4j vuln. It's CVE-2019-17571 | 2021-12-11 21:57:48 |
Everyone retweeting github.com/nice0e3/log4j_… please note it is an older vuln, CVE-2019-17571 not the current CVE-2021-44228. | 2021-12-11 22:00:48 |
@ZKP8128 @eastdakota That exploit is for an older vulnerability, CVE-2019-17571: Source: cnblogs.com/nice0e3/p/1453… | 2021-12-12 01:04:55 |
@ceki @nipafx @xeraa Thanks Ceki, I have only one remark: Log4J v1 has CVE-2019-17571 that is critical and extremel… twitter.com/i/web/status/1… | 2021-12-12 07:52:11 |
@hsivonen Wrt Log4j 1.x: cvedetails.com/cve/CVE-2019-1… | 2021-12-12 13:21:32 |
@AndyVic14 @ceki @nipafx @xeraa Hi Andy, Could you please share, how can we fix Log4J v1 CVE-2019-17571? | 2021-12-12 14:20:28 |
@sirsquishy79 @KillSwitchX7 @AlyssaM_InfoSec It seems to me that this POC is related to CVE-2019-17571 that affects Log4J v1. | 2021-12-12 15:50:49 |
is latest #qradar vulnerable to both CVE-2019-17571 and CVE-2021-44228? #log4j #log4shell https://t.co/eLNuSPClH3 | 2021-12-12 22:06:18 |
If you're using log4j 1.x, and you shouldn't do that, make sure you're not vulnerable to | 2021-12-13 09:30:17 |
@follc @zwindler "Version 1 of log4j is vulnerable to other RCE attacks (like CVE-2019-17571), and if you're using… twitter.com/i/web/status/1… | 2021-12-13 13:04:44 |
The log4j vulnerability issue. Checking with the dev team today, the first day back after the weekend, they say we are on the log4j 1.x series so we are not affected. Relieved, but also wondering whether that is really fine. On Twitter people point out that it carries a serious vulnerability, CVE-2019-17571. Hmm, what to do. | 2021-12-13 13:53:12 |
@giantwallaby That is a PoC for an old vulnerability known under cvedetails.com/cve/CVE-2019-1… | 2021-12-13 16:52:28 |
@andreasdotorg Also known as cvedetails.com/cve/CVE-2019-1… | 2021-12-13 16:53:34 |
@da_667 It's an old exploit for an old vulnerability in old software cvedetails.com/cve/CVE-2019-1… This is not related to #Log4Shell | 2021-12-13 16:55:27 |
@shehackspurple cvedetails.com/cve/CVE-2019-1… Unlike the current one where most configs are vulnerable by default, the 1… twitter.com/i/web/status/1… | 2021-12-13 16:56:14 |
@vavkamil @netbroom This PoC is for CVE-2019-17571 ;) | 2021-12-13 19:46:31 |
@fakesmirkz @ShadowM82 Not the best idea: cvedetails.com/cve/CVE-2019-1… | 2021-12-13 20:09:55 |
Mentioned CVE-2019-17571 is not directly related to the CVE-2021-44228 discovered lately, but since we use an older… twitter.com/i/web/status/1… | 2021-12-13 21:05:25 |
.@GreyNoiseIO have you seen any upticks in traffic related to CVE-2019-17571? (RCE present in log4j 1.2-1.2.17) | 2021-12-13 21:13:03 |
2019 version 1.2? | 2021-12-13 22:51:05 |
If anyone is breathing a sigh of relief that log4j 1.x is relatively less affected: there is also stuff like CVE-2019-17571 (CVSS 9.8) github.com/advisories/GHS…, so it's too early to relax, baby… twitter.com/i/web/status/1… | 2021-12-14 02:04:01 |
@stridergdm @SQLServer | 2021-12-14 15:08:16 |
@fatherjack @sporri @SQLServer Hi Jonathan It is 1.2.17 but as sporry mentioned: Also: it… twitter.com/i/web/status/1… | 2021-12-14 15:18:07 |
@zoocoup For example: CVE-2019-17571 is a deserialization attack - one of the nastiest things you can see in Java b… twitter.com/i/web/status/1… | 2021-12-14 15:51:00 |
@ceki @mdhardeman @thejonmccoy Is this an explanation for CVE-2019-17571 ?() There is limite… twitter.com/i/web/status/1… | 2021-12-14 17:32:41 |
@kpellegr *cough cvedetails.com/cve/CVE-2019-1… | 2021-12-14 18:17:16 |
@hdjebar Sure? | 2021-12-14 19:42:03 |
@bortzmeyer I only found that one affecting v1, a CVSS of 7.5 all the same! cvedetails.com/cve/CVE-2019-1… | 2021-12-14 20:31:02 |
@cyb3rops @Securityblog @Atlassian So they should be vulnerable to which is rated with 9.8 Critical via CVSS 3 | 2021-12-15 08:31:19 |
Paid subscriptions now detect CVE-2019-17571 and CVE-2021-44228 vulnerable files. You can now scan your servers for… twitter.com/i/web/status/1… | 2021-12-16 09:16:14 |
.@rroobbiinn FMAudit has shipped with #log4j 1.2 (CVE-2019-17571 not #Log4Shell) as part of Spring which doesn't us… twitter.com/i/web/status/1… | 2021-12-16 17:53:56 |
@rickhanlonii If you've already been attacked via CVE-2019-17571 you've got the antibodies. | 2021-12-16 22:11:00 |
@backbase hello, from what I see backbase 5.9 is not vulnerable to #LOG4J CVE-2021-44228 but what about CVE-2019-17571? thanks | 2021-12-17 08:34:44 |
@ov3rflow1 @walter_bhai @fs0c131y CVE-2019-17571 | 2021-12-17 10:59:51 |
@TheHackersNews CVE-2019-17571 (CVSS score 7.5) | 2021-12-18 19:50:36 |
@Dick_Reverse @cyb3rops I think you are not accounting for CVE-2019-17571 in the v1 section of the mind map. It is… twitter.com/i/web/status/1… | 2021-12-19 13:23:13 |
@PykPyky @Keruspe No. | 2021-12-19 20:59:34 |
@pwntester Did an analysis together with a friend and it is Log4j1.2.16 via CVE-2019-17571. Funny tho the toolkit c… twitter.com/i/web/status/1… | 2021-12-19 22:13:34 |
Interesting discussion about #log4j 1.2.17 EOL move out of incubator or git to fix open cves CVE-2019-17571 CVE-20… twitter.com/i/web/status/1… | 2021-12-22 09:08:59 |
@Dick_Reverse should we include cvedetails.com/cve/CVE-2019-1… in the chart? | 2021-12-22 09:09:15 |
@grobmeier @TheASF There are still open cves in log4j1 CVE-2019-17571 CVE-2021-4104 and the log4j2 compatibility wrapper is not sufficient | 2021-12-22 14:37:38 |
@isotopp cvedetails.com/cve/CVE-2019-1… | 2021-12-23 11:30:29 |
@jbonofre @rmannibucau @TheASF CVE-2021-4104 CVE-2019-17571 | 2022-01-08 14:29:30 |
They have apparently published CVEs affecting Log4j 1.x, which has long since reached EOL. CVE-2019-17571 CVE-2020-9488 CVE-2021-4104 CVE-2022-23302 CVE-2022-23305 C… twitter.com/i/web/status/1… | 2022-01-19 11:43:16 |
QZTray and log4j (CVE-2019-17571, CVE-2021-44228) | 2021-12-14 16:38:16 |
How after this long????????? Due to use of Apache Log4j, IBM QRadar SIEM is affected by arbitrary code execution | 2022-10-27 14:25:03 |