QID 353112

Date Published: 2022-01-24

QID 353112: Amazon Linux Security Advisory for log4j : ALAS-2022-1562

It was found that when using remote logging with the log4j socket server, the log4j server would deserialize any log event received via TCP or UDP. An attacker could use this flaw to send a specially crafted log event that, during deserialization, would execute arbitrary code in the context of the logger application. (CVE-2017-5645)

A flaw was discovered in log4j, where a vulnerable SocketServer class may lead to the deserialization of untrusted data. This flaw allows an attacker to remotely execute arbitrary code when combined with a deserialization gadget. (CVE-2019-17571)

A flaw was found in the Java logging library Apache Log4j in version 1.x. JMSAppender in Log4j 1.x is vulnerable to deserialization of untrusted data. This allows a remote attacker to execute code on the server if the deployed application is configured to use JMSAppender and to the attacker's JNDI LDAP endpoint. (CVE-2021-4104)

Note: The preceding description block is extracted directly from the security advisory. Using automation, we have attempted to clean and format it as much as possible without introducing additional issues.
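The JMSAppender issue (CVE-2021-4104) only applies when a deployment's log4j 1.x configuration actually declares that appender and points it at a JNDI provider, so the practical first check is a configuration audit. The script below is an added example written for this page, not code from Qualys or Amazon: it scans log4j.properties-style and log4j.xml-style configs for org.apache.log4j.net.JMSAppender and reports the JNDI settings (ProviderURL, InitialContextFactoryName, TopicBindingName, TopicConnectionFactoryBindingName) that the appender would resolve at startup, flagging a ProviderURL with an ldap:// or ldaps:// scheme. The two sample configurations embedded in it are constructed for illustration; the host 203.0.113.10 is a documentation address, not a real endpoint.

```python
"""Audit log4j 1.x configuration text for JMSAppender / JNDI usage.

Added example for this advisory page (not Qualys or Amazon code).
Assumptions: configs are either log4j.properties key=value files or
log4j.xml files whose <appender> elements carry class= and <param> children.
"""
import re
import xml.etree.ElementTree as ET

JMS_APPENDER = "org.apache.log4j.net.JMSAppender"
# JNDI-related setters that JMSAppender exposes as configuration parameters.
JNDI_PARAMS = (
    "ProviderURL",
    "InitialContextFactoryName",
    "TopicBindingName",
    "TopicConnectionFactoryBindingName",
)

# Constructed sample: a properties config that routes logs through JMSAppender.
SAMPLE_PROPERTIES = """\
# constructed log4j 1.x config, for illustration only
log4j.rootLogger=INFO, stdout, jms
log4j.appender.stdout=org.apache.log4j.ConsoleAppender
log4j.appender.jms=org.apache.log4j.net.JMSAppender
log4j.appender.jms.InitialContextFactoryName=com.sun.jndi.ldap.LdapCtxFactory
log4j.appender.jms.ProviderURL=ldap://203.0.113.10:1389/a
log4j.appender.jms.TopicBindingName=logTopic
log4j.appender.jms.TopicConnectionFactoryBindingName=ConnectionFactory
"""

# Constructed sample: a properties config with no JMSAppender (should be clean).
SAMPLE_SAFE_PROPERTIES = """\
log4j.rootLogger=INFO, stdout
log4j.appender.stdout=org.apache.log4j.ConsoleAppender
"""

# Constructed sample: the same appender declared in log4j.xml form.
SAMPLE_XML = """\
<log4j:configuration xmlns:log4j="http://jakarta.apache.org/log4j/">
  <appender name="jms" class="org.apache.log4j.net.JMSAppender">
    <param name="InitialContextFactoryName" value="com.sun.jndi.ldap.LdapCtxFactory"/>
    <param name="ProviderURL" value="ldap://203.0.113.10:1389/a"/>
    <param name="TopicBindingName" value="logTopic"/>
  </appender>
  <root><level value="info"/><appender-ref ref="jms"/></root>
</log4j:configuration>
"""


def make_finding(name, params):
    """Build one finding; mark it if ProviderURL is an LDAP URL."""
    url = (params.get("ProviderURL") or "").strip().lower()
    ldap = url.startswith(("ldap://", "ldaps://"))
    return {"appender": name, "params": params, "ldap_provider": ldap}


def audit_properties(text):
    """Return findings for every JMSAppender declared in a properties config."""
    props = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(("#", "!")) or "=" not in line:
            continue
        key, value = line.split("=", 1)
        props[key.strip()] = value.strip()
    findings = []
    for key, value in props.items():
        # Only 'log4j.appender.<name>' (no further dots) names the class.
        match = re.fullmatch(r"log4j\.appender\.([^.]+)", key)
        if match and value == JMS_APPENDER:
            name = match.group(1)
            params = {p: props.get(f"log4j.appender.{name}.{p}") for p in JNDI_PARAMS}
            findings.append(make_finding(name, params))
    return findings


def audit_xml(text):
    """Return findings for every JMSAppender declared in a log4j.xml config."""
    root = ET.fromstring(text)
    findings = []
    for appender in root.iter("appender"):
        if appender.get("class") != JMS_APPENDER:
            continue
        declared = {p.get("name"): p.get("value") for p in appender.findall("param")}
        params = {p: declared.get(p) for p in JNDI_PARAMS}
        findings.append(make_finding(appender.get("name"), params))
    return findings


if __name__ == "__main__":
    for label, findings in (
        ("properties", audit_properties(SAMPLE_PROPERTIES)),
        ("safe properties", audit_properties(SAMPLE_SAFE_PROPERTIES)),
        ("xml", audit_xml(SAMPLE_XML)),
    ):
        print(f"{label}: {len(findings)} JMSAppender finding(s)")
        for f in findings:
            print(f"  appender={f['appender']} ldap_provider={f['ldap_provider']} {f['params']}")
```

Any JMSAppender hit is worth reviewing even when ProviderURL is not LDAP: the JNDI lookup is driven entirely by the configuration, so whoever can write the config, or control the provider it names, chooses what gets resolved. Patching per the advisory removes the dependency on the configuration being clean.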

Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality.

  • CVSS V3 rated as Critical - 9.8 severity.
  • CVSS V2 rated as High - 7.5 severity.
  • Solution
    Please refer to Amazon advisory ALAS-2022-1562 for affected packages and patching details, or update with your package manager.
  • Vendor References
    CVEs related to QID 353112: CVE-2017-5645, CVE-2019-17571, CVE-2021-4104
  • Software Advisories
    Advisory ID       Software Component   Link
    ALAS-2022-1562    Amazon Linux         alas.aws.amazon.com/ALAS-2022-1562.html