The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a vigilance database and tools to fix them.

Computer vulnerabilities of Apache log4j

Apache log4j: Man-in-the-Middle via SmtpAppender
An attacker can act as a Man-in-the-Middle via SmtpAppender on Apache log4j, in order to read or write data in the session...
CVE-2020-9488, VIGILANCE-VUL-32095
Apache Log4j 1.2: code execution via Socket Server Deserialization
An attacker can use a vulnerability via Socket Server Deserialization of Apache Log4j 1.2, in order to run code...
6198380, cpuapr2020, CVE-2019-17571, DLA-2065-1, DSA-4686-1, NTAP-20200110-0001, openSUSE-SU-2020:0051-1, SUSE-SU-2020:0053-1, SUSE-SU-2020:0054-1, SUSE-SU-2020:14267-1, VIGILANCE-VUL-31193
Apache Log4j: security improvement via SerializedLayout/JsonLayout
The security of Apache Log4j was improved via SerializedLayout/JsonLayout...
VIGILANCE-VUL-23902
Apache Log4j: external XML entity injection
An attacker can transmit malicious XML data to Apache Log4j, in order to read a file, scan sites, or trigger a denial of service...
VIGILANCE-VUL-23698
Apache log4j: code execution via Socket Server Deserialization
An attacker can use a vulnerability via Socket Server Deserialization of Apache log4j, in order to run code...
cpuapr2018, cpuapr2019, cpuapr2020, cpujan2018, cpujan2019, cpujan2020, cpujul2018, cpujul2019, cpuoct2018, CVE-2017-5645, ESA-2017-05, FEDORA-2017-2ccfbd650a, FEDORA-2017-511ebfa8a3, FEDORA-2017-7e0ff7f73a, FEDORA-2017-8348115acd, FEDORA-2017-b8358cda24, JSA10838, RHSA-2017:1801-01, RHSA-2017:1802-01, RHSA-2017:2423-01, RHSA-2017:2633-01, RHSA-2017:2635-01, RHSA-2017:2636-01, RHSA-2017:2637-01, RHSA-2017:2638-01, RHSA-2017:2808-01, RHSA-2017:2809-01, RHSA-2017:2810-01, RHSA-2017:2811-01, RHSA-2017:2888-01, RHSA-2017:2889-01, RHSA-2017:3244-01, RHSA-2017:3399-01, RHSA-2017:3400-01, VIGILANCE-VUL-22460
Apache log4j: memory leak via MDC and ThreadLocal
When an application uses an org.apache.log4j.MDC object, an attacker can call it to generate a memory leak, leading to a denial of service...
50486, VIGILANCE-VUL-11659