  1. mod-inventory
  2. MODINV-197

Fix security vulnerability reported in log4j >= 1.2, <= 1.2.27

    Details

    • Template:
      Standard Bug Write-Up Format
    • Sprint:
      Core: F - Sprint 92, Core: F - Sprint 93, Core: F - Sprint 94, Core: F - Sprint 96, Core: F - Sprint 97
    • Story Points:
      3
    • Development Team:
      Prokopovych

      Description

      CVE-2019-17571

      moderate severity

      *Vulnerable versions:* >= 1.2, <= 1.2.27

      *Patched version:* No fix

      Included in Log4j 1.2 is a SocketServer class that is vulnerable to deserialization of untrusted data, which can be exploited to remotely execute arbitrary code when combined with a deserialization gadget when listening to untrusted network traffic for log data. This affects Log4j versions from 1.2 up to 1.2.17.

                People

                Assignee:
                Unassigned
                Reporter:
                Peter Murray
                Tester Assignee:
                Peter Murray
                Votes:
                0
                Watchers:
                5