QID 376504

Date Published: 2022-06-16

QID 376504: Apache Chainsaw Malicious Code Execution Vulnerability

CVE-2022-23307 is a critical severity against the chainsaw component in Log4j 1.x. This is the same issue corrected in CVE-2020-9493 fixed in Chainsaw 2.1.0 but Chainsaw was included as part of Log4j 1.2.x.
Affected Versions:
Prior to Chainsaw V2.0

QID detection logic(Authenticated):
This QID checks for vulnerable versions of Chainsaw

NOTE: QID will detect Chainsaw versions only work if the Chainsaw process running.

A deserialization flaw in the Chainsaw component of Log4j 1 can lead to malicious code.

CVSS V3 rated as Critical - 8.8 severity.

CVSS V2 rated as Critical - 9 severity.

Solution

Users are advised to download latest version, For more info kindly refer to CVE-2022-23307

Vendor References

Chainsaw - seclists.org/oss-sec/2022/q1/52

CVEs related to QID 376504

CVE-2022-23307 |

Software Advisories

Advisory ID	Software	Component	Link
CVE-2022-23307			logging.apache.org/log4j/1.2/index.html

By selecting these links, you may be leaving CVEreport webspace. We have provided these links to other websites because they may have information that would be of interest to you. No inferences should be drawn on account of other sites being referenced, or not, from this page. There may be other websites that are more appropriate for your purpose. CVEreport does not necessarily endorse the views expressed, or concur with the facts presented on these sites. Further, CVEreport does not endorse any commercial products that may be mentioned on these sites. Please address comments about any linked pages to [email protected].