Date Published: 2022-01-24
QID 353112: Amazon Linux Security Advisory for log4j : ALAS-2022-1562
It was found that when using remote logging with log4j socket server the log4j server would deserialize any log event received via tcp or udp.
An attacker could use this flaw to send a specially crafted log event that, during deserialization, would execute arbitrary code in the context of the logger application. (
( CVE-2017-5645) a flaw was discovered in log4j, where a vulnerable socketserver class may lead to the deserialization of untrusted data.
This flaw allows an attacker to remotely execute arbitrary code when combined with a deserialization gadget. (
( CVE-2019-17571) a flaw was found in the java logging library apache log4j in version 1.x.
Jmsappender in log4j 1.x is vulnerable to deserialization of untrusted data.
This allows a remote attacker to execute code on the server if the deployed application is configured to use jmsappender and to the attacker's jndi ldap endpoint. (
Note: The preceding description block is extracted directly from the security advisory. Using automation, we have attempted to clean and format it as much as possible without introducing additional issues.
Successful exploitation of this vulnerability could lead to a securitybreach or could affect integrity, availability, and confidentiality.
- ALAS-2022-1562 - alas.aws.amazon.com/ALAS-2022-1562.html