The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a vigilance database and tools to fix them.

Computer vulnerabilities of log4j

Apache Log4j: security improvement via SerializedLayout/JsonLayout
The security of Apache Log4j was improved via SerializedLayout/JsonLayout...
Apache Log4j: external XML entity injection
An attacker can transmit malicious XML data to Apache Log4j, in order to read a file, scan sites, or trigger a denial of service...
Apache log4j: code execution via Socket Server Deserialization
An attacker can use a vulnerability via Socket Server Deserialization of Apache log4j, in order to run code...
cpuapr2018, cpuapr2019, cpuapr2020, cpujan2018, cpujan2019, cpujan2020, cpujul2018, cpujul2019, cpujul2020, cpuoct2018, cpuoct2020, CVE-2017-5645, ESA-2017-05, FEDORA-2017-2ccfbd650a, FEDORA-2017-511ebfa8a3, FEDORA-2017-7e0ff7f73a, FEDORA-2017-8348115acd, FEDORA-2017-b8358cda24, JSA10838, RHSA-2017:1801-01, RHSA-2017:1802-01, RHSA-2017:2423-01, RHSA-2017:2633-01, RHSA-2017:2635-01, RHSA-2017:2636-01, RHSA-2017:2637-01, RHSA-2017:2638-01, RHSA-2017:2808-01, RHSA-2017:2809-01, RHSA-2017:2810-01, RHSA-2017:2811-01, RHSA-2017:2888-01, RHSA-2017:2889-01, RHSA-2017:3244-01, RHSA-2017:3399-01, RHSA-2017:3400-01, VIGILANCE-VUL-22460
Apache log4j: memory leak via MDC and ThreadLocal
When an application uses an org.apache.log4j.MDC object, an attacker can call it to generate a memory leak, leading to a denial of service...
50486, VIGILANCE-VUL-11659
Our database contains other pages. You can request a free trial to read them.

Display information about log4j: