Description
Log4j 1.2 includes a SocketServer class that deserializes untrusted data. When that server listens for log data on untrusted network traffic and a suitable deserialization gadget is available, this can be exploited to execute arbitrary code remotely. All Log4j 1.2 versions up to 1.2.17 are affected.
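As an added illustration (not log4j's own code, and not from this entry), the following Java receiver shows the defensive counterpart to the weakness described above: a socket log listener that installs a JDK deserialization filter (java.io.ObjectInputFilter, Java 9 and later) so that only the expected log4j event classes can be instantiated from the stream, and every other class fails closed before any object is created. The class allow-list and the port 4560 are assumptions about what a log4j 1.2 SocketAppender sends; adjust them to what your deployment actually observes.

```java
import java.io.EOFException;
import java.io.InvalidClassException;
import java.io.ObjectInputFilter;
import java.io.ObjectInputStream;
import java.net.ServerSocket;
import java.net.Socket;

// Illustrative hardened log receiver. It is NOT log4j's SocketServer; it shows
// the control that class lacks: a filter consulted per class, before
// instantiation, that decides whether deserialization may continue.
public class FilteredLogReceiver {

    // Assumed allow-list: the log4j 1.2 event classes plus the JDK types they
    // carry (arrays are matched by component type). "!*" rejects everything
    // else, so an unexpected class is refused rather than instantiated.
    // maxdepth/maxrefs bound the object graph so a hostile stream cannot
    // exhaust memory even when it uses only allowed classes.
    static final ObjectInputFilter EVENT_FILTER = ObjectInputFilter.Config.createFilter(
            "maxdepth=32;maxrefs=8192;"
          + "org.apache.log4j.spi.LoggingEvent;org.apache.log4j.spi.ThrowableInformation;"
          + "org.apache.log4j.spi.LocationInfo;java.util.Hashtable;java.lang.String;!*");

    public static void main(String[] args) throws Exception {
        int port = args.length > 0 ? Integer.parseInt(args[0]) : 4560; // assumed log4j default
        try (ServerSocket server = new ServerSocket(port)) {
            while (true) {
                try (Socket client = server.accept()) {
                    handle(client);
                } catch (InvalidClassException e) {
                    // A rejected class means a misconfigured or hostile sender: log and drop.
                    System.err.println("rejected stream: " + e.getMessage());
                }
            }
        }
    }

    static void handle(Socket client) throws Exception {
        // The vulnerable shape is this same loop with no setObjectInputFilter call:
        // readObject() then instantiates whatever class the peer names.
        try (ObjectInputStream in = new ObjectInputStream(client.getInputStream())) {
            in.setObjectInputFilter(EVENT_FILTER);
            while (true) {
                Object event = in.readObject(); // throws InvalidClassException on a rejected class
                System.out.println("event: " + event); // hand to the real log pipeline here
            }
        } catch (EOFException done) {
            // peer closed the connection normally
        }
    }
}
```

A filter is a mitigation for deployments that must keep a serialized-object listener; not exposing such a listener to untrusted networks at all removes the attack surface entirely.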
Remediation
References