  1. ZooKeeper
  2. ZOOKEEPER-4305

log4j CVE problem

Details

    • Bug
    • Status: Resolved
    • Critical
    • Resolution: Duplicate
    • 3.6.2
    • None
    • security
    • None

    Description

      Included in Log4j 1.2 is a SocketServer class that is vulnerable to deserialization of untrusted data which can be exploited to remotely execute arbitrary code when combined with a deserialization gadget when listening to untrusted network traffic for log data. This affects Log4j versions up to 1.2 up to 1.2.17.

            People

              Unassigned Unassigned
              neal zhao zhaozhengbin
