Description
Log4j 1.2 includes a SocketServer class that is vulnerable to deserialization of untrusted data. When the class listens for log data on untrusted network traffic, this can be exploited, in combination with a deserialization gadget, to remotely execute arbitrary code. This affects Log4j versions 1.2 up to 1.2.17.
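An inventory check for the condition described above, added here as an example (it is not part of the original advisory or of Log4j): it reports archives, including jars nested in a WAR or EAR, that ship the SocketServer class and state a version in the affected range. The manifest attribute used for the version, the function names and the sample archive are assumptions made for this example.

```python
import io
import re
import zipfile

SOCKET_SERVER = "org/apache/log4j/net/SocketServer.class"  # class named in the advisory
LAST_AFFECTED = (1, 2, 17)                                  # "up to 1.2.17"
NESTED = (".jar", ".war", ".ear")

def manifest_version(jar):
    """Implementation-Version from the manifest as an int tuple, or None.
    Assumption: the jar states its version in that manifest attribute."""
    try:
        text = jar.read("META-INF/MANIFEST.MF").decode("utf-8", "replace")
    except KeyError:
        return None
    m = re.search(r"^Implementation-Version:\s*(\d+(?:\.\d+)*)", text, re.M)
    return tuple(map(int, m.group(1).split("."))) if m else None

def scan(data, path, depth=3):
    """Return [(path, verdict)] for each archive level that ships SocketServer."""
    findings = []
    try:
        jar = zipfile.ZipFile(io.BytesIO(data))
    except zipfile.BadZipFile:
        return findings                      # not an archive: nothing to report
    with jar:
        names = jar.namelist()
        if SOCKET_SERVER in names:
            version = manifest_version(jar)
            in_range = version is not None and (1, 2) <= version <= LAST_AFFECTED
            # "review": class present but version missing or outside the range,
            # e.g. a repackaged jar whose manifest describes the application.
            findings.append((path, "affected" if in_range else "review"))
        if depth > 0:                        # bounded descent into nested archives
            for name in names:
                if name.lower().endswith(NESTED):
                    findings += scan(jar.read(name), f"{path}!/{name}", depth - 1)
    return findings

def make_jar(entries):
    """Build a constructed in-memory archive from {entry name: bytes}."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        for name, body in entries.items():
            z.writestr(name, body)
    return buf.getvalue()

# Constructed sample: a WAR bundling a stand-in for log4j 1.2.17 (empty class file).
LOG4J = make_jar({"META-INF/MANIFEST.MF": b"Manifest-Version: 1.0\r\nImplementation-Version: 1.2.17\r\n",
                  SOCKET_SERVER: b""})
WAR = make_jar({"WEB-INF/lib/log4j-1.2.17.jar": LOG4J, "WEB-INF/web.xml": b"<web-app/>"})

if __name__ == "__main__":
    print(scan(WAR, "app.war"))
```

A "review" verdict means the class is on the classpath but the archive does not identify itself as an affected release, so the version has to be confirmed another way.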
Remediation
References