 |
Home ▼ Bookkeeping
Online ▼ Security
Audits ▼
Managed
DNS ▼
About
Order
FAQ
Acceptable Use Policy
Dynamic DNS Clients
Configure Domains Dyanmic DNS Update Password Network
Monitor ▼
Enterprise Package
Advanced Package
Standard Package
Free Trial
FAQ
Price/Feature Summary
Order/Renew
Examples
Configure/Status Alert Profiles | ||
| Test ID: | 1.3.6.1.4.1.25623.1.0.104607 |
| Category: | Denial of Service |
| Title: | Apache Log4j 1.x DoS Vulnerability (Mar 2023) |
| Summary: | Apache Log4j is prone to a denial of service (DoS); vulnerability. |
| Description: | Summary: Apache Log4j is prone to a denial of service (DoS) vulnerability. Vulnerability Insight: When using the Chainsaw or SocketAppender components an attacker that manages to cause a logging entry involving a specially-crafted (ie, deeply nested) hashmap or hashtable (depending on which logging component is in use) to be processed could exhaust the available memory in the virtual machine and achieve Denial of Service when the object is deserialized. Affected Software/OS: Apache Log4j versions 1.x on Java Runtime Environment (JRE) less than 1.7. Solution: No solution was made available by the vendor. Note: Apache Log4j 1.x reached end of life in August 2015. Users should upgrade to Log4j 2 as it addresses numerous other issues from the previous versions. CVSS Score: 7.8 CVSS Vector: AV:N/AC:L/Au:N/C:N/I:N/A:C |
| Cross-Ref: |
Common Vulnerability Exposure (CVE) ID: CVE-2023-26464 https://lists.apache.org/thread/wkx6grrcjkh86crr49p4blc1v1nflj3t |
| Copyright | Copyright (C) 2023 Greenbone Networks GmbH |
| This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below. |