CVE-2019-17571 (CNNVD-201912-950)
CRITICAL
中文标题:
Apache Log4j 代码问题漏洞
英文标题:
Included in Log4j 1.2 is a SocketServer class that is vulnerable to deserialization of untrusted dat...
CVSS分数:
9.8
发布时间:
2019-12-20 16:01:21
漏洞类型:
代码问题
状态:
PUBLISHED
数据质量分数:
0.30
数据版本:
v3
漏洞描述
中文描述:
Apache Log4j是美国阿帕奇(Apache)基金会的一款基于Java的开源日志记录工具。 Apache Log4j 1.2版本中存在代码问题漏洞。攻击者可利用该漏洞执行代码。
英文描述:
Included in Log4j 1.2 is a SocketServer class that is vulnerable to deserialization of untrusted data which can be exploited to remotely execute arbitrary code when combined with a deserialization gadget when listening to untrusted network traffic for log data. This affects Log4j versions up to 1.2 up to 1.2.17.
CWE类型:
CWE-502
标签:
(暂无数据)
受影响产品
| 厂商 | 产品 | 版本 | 版本范围 | 平台 | CPE |
|---|---|---|---|---|---|
| Apache Software Foundation | Log4j | versions up to 1.2.17 | - | - |
cpe:2.3:a:apache_software_foundation:log4j:versions_up_to_1.2.17:*:*:*:*:*:*:*
|
| apache | log4j | * | - | - |
cpe:2.3:a:apache:log4j:*:*:*:*:*:*:*:*
|
| debian | debian_linux | 8.0 | - | - |
cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*
|
| debian | debian_linux | 9.0 | - | - |
cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*
|
| debian | debian_linux | 10.0 | - | - |
cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*
|
| canonical | ubuntu_linux | 18.04 | - | - |
cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*
|
| opensuse | leap | 15.1 | - | - |
cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*
|
| netapp | oncommand_system_manager | * | - | - |
cpe:2.3:a:netapp:oncommand_system_manager:*:*:*:*:*:*:*:*
|
| netapp | oncommand_workflow_automation | - | - | - |
cpe:2.3:a:netapp:oncommand_workflow_automation:-:*:*:*:*:*:*:*
|
| oracle | application_testing_suite | 13.3.0.1 | - | - |
cpe:2.3:a:oracle:application_testing_suite:13.3.0.1:*:*:*:*:*:*:*
|
| oracle | communications_network_integrity | * | - | - |
cpe:2.3:a:oracle:communications_network_integrity:*:*:*:*:*:*:*:*
|
| oracle | endeca_information_discovery_studio | 3.2.0 | - | - |
cpe:2.3:a:oracle:endeca_information_discovery_studio:3.2.0:*:*:*:*:*:*:*
|
| oracle | financial_services_lending_and_leasing | * | - | - |
cpe:2.3:a:oracle:financial_services_lending_and_leasing:*:*:*:*:*:*:*:*
|
| oracle | financial_services_lending_and_leasing | 12.5.0 | - | - |
cpe:2.3:a:oracle:financial_services_lending_and_leasing:12.5.0:*:*:*:*:*:*:*
|
| oracle | mysql_enterprise_monitor | * | - | - |
cpe:2.3:a:oracle:mysql_enterprise_monitor:*:*:*:*:*:*:*:*
|
| oracle | primavera_gateway | * | - | - |
cpe:2.3:a:oracle:primavera_gateway:*:*:*:*:*:*:*:*
|
| oracle | rapid_planning | 12.1 | - | - |
cpe:2.3:a:oracle:rapid_planning:12.1:*:*:*:*:*:*:*
|
| oracle | rapid_planning | 12.2 | - | - |
cpe:2.3:a:oracle:rapid_planning:12.2:*:*:*:*:*:*:*
|
| oracle | retail_extract_transform_and_load | 19.0 | - | - |
cpe:2.3:a:oracle:retail_extract_transform_and_load:19.0:*:*:*:*:*:*:*
|
| oracle | retail_service_backbone | 14.1 | - | - |
cpe:2.3:a:oracle:retail_service_backbone:14.1:*:*:*:*:*:*:*
|
| oracle | retail_service_backbone | 15.0 | - | - |
cpe:2.3:a:oracle:retail_service_backbone:15.0:*:*:*:*:*:*:*
|
| oracle | retail_service_backbone | 16.0 | - | - |
cpe:2.3:a:oracle:retail_service_backbone:16.0:*:*:*:*:*:*:*
|
| oracle | weblogic_server | 10.3.6.0.0 | - | - |
cpe:2.3:a:oracle:weblogic_server:10.3.6.0.0:*:*:*:*:*:*:*
|
| oracle | weblogic_server | 12.1.3.0.0 | - | - |
cpe:2.3:a:oracle:weblogic_server:12.1.3.0.0:*:*:*:*:*:*:*
|
| oracle | weblogic_server | 12.2.1.3.0 | - | - |
cpe:2.3:a:oracle:weblogic_server:12.2.1.3.0:*:*:*:*:*:*:*
|
| oracle | weblogic_server | 12.2.1.4.0 | - | - |
cpe:2.3:a:oracle:weblogic_server:12.2.1.4.0:*:*:*:*:*:*:*
|
| oracle | weblogic_server | 14.1.1.0.0 | - | - |
cpe:2.3:a:oracle:weblogic_server:14.1.1.0.0:*:*:*:*:*:*:*
|
| apache | bookkeeper | * | - | - |
cpe:2.3:a:apache:bookkeeper:*:*:*:*:*:*:*:*
|
解决方案
中文解决方案:
(暂无数据)
英文解决方案:
(暂无数据)
临时解决方案:
(暂无数据)
参考链接
[activemq-issues] 20191226 [jira] [Created] (AMQ-7370) log4j 1.2 version used by AMQ 5.15.10 / 5.15.11 is vulnerable to CVE-2019-17571
mailing-list
cve.org
访问
cve.org
[tika-dev] 20191226 [jira] [Created] (TIKA-3018) log4j 1.2 version used by Apache Tika 1.23 is vulnerable to CVE-2019-17571
mailing-list
cve.org
访问
cve.org
[tika-dev] 20191226 [jira] [Commented] (TIKA-3018) log4j 1.2 version used by Apache Tika 1.23 is vulnerable to CVE-2019-17571
mailing-list
cve.org
访问
cve.org
[tika-dev] 20191230 [jira] [Created] (TIKA-3019) [9.8] [CVE-2019-17571] [tika-app] [1.23]
mailing-list
cve.org
访问
cve.org
[activemq-issues] 20191230 [jira] [Created] (AMQ-7372) [9.8] [CVE-2019-17571] [activemq-all] [5.15.10]
mailing-list
cve.org
访问
cve.org
[kafka-jira] 20200105 [jira] [Created] (KAFKA-9366) please consider upgrade log4j to log4j2 due to critical security problem CVE-2019-17571
mailing-list
cve.org
访问
cve.org
[kafka-jira] 20200105 [jira] [Updated] (KAFKA-9366) please consider upgrade log4j to log4j2 due to critical security problem CVE-2019-17571
mailing-list
cve.org
访问
cve.org
[kafka-dev] 20200105 [jira] [Created] (KAFKA-9366) please consider upgrade log4j to log4j2 due to critical security problem CVE-2019-17571
mailing-list
cve.org
访问
cve.org
[kafka-jira] 20200106 [jira] [Commented] (KAFKA-9366) please consider upgrade log4j to log4j2 due to critical security problem CVE-2019-17571
mailing-list
cve.org
访问
cve.org
[kafka-jira] 20200106 [jira] [Assigned] (KAFKA-9366) please consider upgrade log4j to log4j2 due to critical security problem CVE-2019-17571
mailing-list
cve.org
访问
cve.org
[tika-dev] 20200106 [jira] [Commented] (TIKA-3019) [9.8] [CVE-2019-17571] [tika-app] [1.23]
mailing-list
cve.org
访问
cve.org
[kafka-jira] 20200107 [jira] [Updated] (KAFKA-9366) please consider upgrade log4j to log4j2 due to critical security problem CVE-2019-17571
mailing-list
cve.org
访问
cve.org
[zookeeper-issues] 20200107 [jira] [Created] (ZOOKEEPER-3677) owasp checker failing for - CVE-2019-17571 Apache Log4j 1.2 deserialization of untrusted data in SocketServer
mailing-list
cve.org
访问
cve.org
[zookeeper-dev] 20200107 [jira] [Created] (ZOOKEEPER-3677) owasp checker failing for - CVE-2019-17571 Apache Log4j 1.2 deserialization of untrusted data in SocketServer
mailing-list
cve.org
访问
cve.org
[zookeeper-issues] 20200107 [jira] [Commented] (ZOOKEEPER-3677) owasp checker failing for - CVE-2019-17571 Apache Log4j 1.2 deserialization of untrusted data in SocketServer
mailing-list
cve.org
访问
cve.org
[tika-dev] 20200107 [jira] [Commented] (TIKA-3019) [9.8] [CVE-2019-17571] [tika-app] [1.23]
mailing-list
cve.org
访问
cve.org
[zookeeper-issues] 20200108 [jira] [Commented] (ZOOKEEPER-3677) owasp checker failing for - CVE-2019-17571 Apache Log4j 1.2 deserialization of untrusted data in SocketServer
mailing-list
cve.org
访问
cve.org
[zookeeper-notifications] 20200108 [GitHub] [zookeeper] eolivelli opened a new pull request #1209: ZOOKEEPER-3677 owasp checker failing for - CVE-2019-17571 Apache Log4j 1.2 deserialization of untrusted data in SocketServer
mailing-list
cve.org
访问
cve.org
[zookeeper-issues] 20200108 [jira] [Updated] (ZOOKEEPER-3677) owasp checker failing for - CVE-2019-17571 Apache Log4j 1.2 deserialization of untrusted data in SocketServer
mailing-list
cve.org
访问
cve.org
[zookeeper-issues] 20200108 [jira] [Assigned] (ZOOKEEPER-3677) owasp checker failing for - CVE-2019-17571 Apache Log4j 1.2 deserialization of untrusted data in SocketServer
mailing-list
cve.org
访问
cve.org
[tika-dev] 20200108 [jira] [Commented] (TIKA-3019) [9.8] [CVE-2019-17571] [tika-app] [1.23]
mailing-list
cve.org
访问
cve.org
[tika-dev] 20200110 [jira] [Commented] (TIKA-3019) [9.8] [CVE-2019-17571] [tika-app] [1.23]
mailing-list
cve.org
访问
cve.org
[tika-dev] 20200111 Re: [jira] [Commented] (TIKA-3018) log4j 1.2 version used by Apache Tika 1.23 is vulnerable to CVE-2019-17571
mailing-list
cve.org
访问
cve.org
[tika-dev] 20200111 [jira] [Closed] (TIKA-3018) log4j 1.2 version used by Apache Tika 1.23 is vulnerable to CVE-2019-17571
mailing-list
cve.org
访问
cve.org
[tika-dev] 20200111 [jira] [Resolved] (TIKA-3018) log4j 1.2 version used by Apache Tika 1.23 is vulnerable to CVE-2019-17571
mailing-list
cve.org
访问
cve.org
[debian-lts-announce] 20200112 [SECURITY] [DLA 2065-1] apache-log4j1.2 security update
mailing-list
cve.org
访问
cve.org
openSUSE-SU-2020:0051
vendor-advisory
cve.org
访问
cve.org
[tika-dev] 20200114 [jira] [Commented] (TIKA-3019) [9.8] [CVE-2019-17571] [tika-app] [1.23]
mailing-list
cve.org
访问
cve.org
[tika-dev] 20200115 [jira] [Commented] (TIKA-3019) [9.8] [CVE-2019-17571] [tika-app] [1.23]
mailing-list
cve.org
访问
cve.org
[zookeeper-commits] 20200118 [zookeeper] branch branch-3.5 updated: ZOOKEEPER-3677: owasp checker failing for - CVE-2019-17571 Apache Log4j 1.2 deserialization of untrusted data in SocketServer
mailing-list
cve.org
访问
cve.org
[zookeeper-dev] 20200118 Build failed in Jenkins: zookeeper-master-maven-owasp #329
mailing-list
cve.org
访问
cve.org
[zookeeper-commits] 20200118 [zookeeper] branch master updated: ZOOKEEPER-3677: owasp checker failing for - CVE-2019-17571 Apache Log4j 1.2 deserialization of untrusted data in SocketServer
mailing-list
cve.org
访问
cve.org
[zookeeper-notifications] 20200118 [GitHub] [zookeeper] asfgit closed pull request #1209: ZOOKEEPER-3677 owasp checker failing for - CVE-2019-17571 Apache Log4j 1.2 deserialization of untrusted data in SocketServer
mailing-list
cve.org
访问
cve.org
[zookeeper-commits] 20200118 [zookeeper] branch branch-3.6 updated: ZOOKEEPER-3677: owasp checker failing for - CVE-2019-17571 Apache Log4j 1.2 deserialization of untrusted data in SocketServer
mailing-list
cve.org
访问
cve.org
[zookeeper-issues] 20200118 [jira] [Resolved] (ZOOKEEPER-3677) owasp checker failing for - CVE-2019-17571 Apache Log4j 1.2 deserialization of untrusted data in SocketServer
mailing-list
cve.org
访问
cve.org
[activemq-issues] 20200122 [jira] [Updated] (AMQ-7370) log4j 1.2 version used by AMQ 5.15.10 / 5.15.11 is vulnerable to CVE-2019-17571
mailing-list
cve.org
访问
cve.org
[activemq-issues] 20200122 [jira] [Assigned] (AMQ-7372) [9.8] [CVE-2019-17571] [activemq-all] [5.15.10]
mailing-list
cve.org
访问
cve.org
[activemq-issues] 20200122 [jira] [Updated] (AMQ-7372) [9.8] [CVE-2019-17571] [activemq-all] [5.15.10]
mailing-list
cve.org
访问
cve.org
[activemq-issues] 20200122 [jira] [Assigned] (AMQ-7370) log4j 1.2 version used by AMQ 5.15.10 / 5.15.11 is vulnerable to CVE-2019-17571
mailing-list
cve.org
访问
cve.org
[activemq-issues] 20200122 [jira] [Resolved] (AMQ-7372) [9.8] [CVE-2019-17571] [activemq-all] [5.15.10]
mailing-list
cve.org
访问
cve.org
[activemq-issues] 20200127 [jira] [Commented] (AMQ-7370) log4j 1.2 version used by AMQ 5.15.10 / 5.15.11 is vulnerable to CVE-2019-17571
mailing-list
cve.org
访问
cve.org
[zookeeper-issues] 20200129 [jira] [Updated] (ZOOKEEPER-3677) owasp checker failing for - CVE-2019-17571 Apache Log4j 1.2 deserialization of untrusted data in SocketServer
mailing-list
cve.org
访问
cve.org
[zookeeper-user] 20200201 Re: Zookeeper 3.5.6 supports log4j 2.x?
mailing-list
cve.org
访问
cve.org
[activemq-issues] 20200208 [jira] [Commented] (AMQ-7370) log4j 1.2 version used by AMQ 5.15.10 / 5.15.11 is vulnerable to CVE-2019-17571
mailing-list
cve.org
访问
cve.org
[logging-log4j-user] 20200224 Apache Log4j - Migration activity to 2.12.1 version - Request to support for the queries posted
mailing-list
cve.org
访问
cve.org
[activemq-issues] 20200228 [jira] [Commented] (AMQ-7370) log4j 1.2 version used by AMQ 5.15.10 / 5.15.11 is vulnerable to CVE-2019-17571
mailing-list
cve.org
访问
cve.org
[activemq-issues] 20200228 [jira] [Resolved] (AMQ-7370) log4j 1.2 version used by AMQ 5.15.10 / 5.15.11 is vulnerable to CVE-2019-17571
mailing-list
cve.org
访问
cve.org
[activemq-issues] 20200228 [jira] [Updated] (AMQ-7370) log4j 1.2 version used by AMQ 5.15.10 / 5.15.11 is vulnerable to CVE-2019-17571
mailing-list
cve.org
访问
cve.org
[jena-dev] 20200318 Re: Logging (JENA-1005)
mailing-list
cve.org
访问
cve.org
[druid-commits] 20200406 [GitHub] [druid] ccaominh commented on issue #9579: Add Apache Ranger Authorization
mailing-list
cve.org
访问
cve.org
[zookeeper-commits] 20200504 [zookeeper] branch master updated: ZOOKEEPER-3817: suppress log4j SmtpAppender related CVE-2020-9488
mailing-list
cve.org
访问
cve.org
[zookeeper-commits] 20200504 [zookeeper] branch branch-3.5 updated: ZOOKEEPER-3817: suppress log4j SmtpAppender related CVE-2020-9488
mailing-list
cve.org
访问
cve.org
[zookeeper-commits] 20200504 [zookeeper] branch branch-3.6 updated: ZOOKEEPER-3817: suppress log4j SmtpAppender related CVE-2020-9488
mailing-list
cve.org
访问
cve.org
[kafka-jira] 20200514 [GitHub] [kafka] jeffhuang26 commented on pull request #7898: KAFKA-9366: please consider upgrade log4j to log4j2 due to critical security problem CVE-2019-17571
mailing-list
cve.org
访问
cve.org
DSA-4686
vendor-advisory
cve.org
访问
cve.org
[kafka-jira] 20200529 [GitHub] [kafka] ijuma commented on pull request #7898: KAFKA-9366: please consider upgrade log4j to log4j2 due to critical security problem CVE-2019-17571
mailing-list
cve.org
访问
cve.org
[kafka-jira] 20200602 [GitHub] [kafka] dongjinleekr commented on pull request #7898: KAFKA-9366: please consider upgrade log4j to log4j2 due to critical security problem CVE-2019-17571
mailing-list
cve.org
访问
cve.org
无标题
x_refsource_MISC
cve.org
访问
cve.org
[kafka-jira] 20200624 [GitHub] [kafka] dongjinleekr commented on pull request #7898: KAFKA-9366: please consider upgrade log4j to log4j2 due to critical security problem CVE-2019-17571
mailing-list
cve.org
访问
cve.org
[kafka-jira] 20200625 [GitHub] [kafka] dongjinleekr commented on pull request #7898: KAFKA-9366: please consider upgrade log4j to log4j2 due to critical security problem CVE-2019-17571
mailing-list
cve.org
访问
cve.org
无标题
x_refsource_MISC
cve.org
访问
cve.org
无标题
x_refsource_CONFIRM
cve.org
访问
cve.org
无标题
x_refsource_CONFIRM
cve.org
访问
cve.org
[bookkeeper-issues] 20200729 [GitHub] [bookkeeper] padma81 opened a new issue #2387: Security vulnerabilities in the apache/bookkeeper-4.9.2 image
mailing-list
cve.org
访问
cve.org
[activemq-issues] 20200730 [jira] [Commented] (AMQ-7370) log4j 1.2 version used by AMQ 5.15.10 / 5.15.11 is vulnerable to CVE-2019-17571
mailing-list
cve.org
访问
cve.org
[hadoop-common-issues] 20200824 [jira] [Commented] (HADOOP-17221) Upgrade log4j-1.2.17 to atlassian ( To Adress: CVE-2019-17571)
mailing-list
cve.org
访问
cve.org
[hadoop-common-issues] 20200824 [jira] [Comment Edited] (HADOOP-17221) update log4j-1.2.17 to atlassian version( To Adress: CVE-2019-17571)
mailing-list
cve.org
访问
cve.org
[hadoop-common-issues] 20200824 [jira] [Updated] (HADOOP-17221) update log4j-1.2.17 to atlassian version( To Address: CVE-2019-17571)
mailing-list
cve.org
访问
cve.org
[hadoop-common-issues] 20200824 [jira] [Assigned] (HADOOP-17221) Upgrade log4j-1.2.17 to atlassian ( To Adress: CVE-2019-17571)
mailing-list
cve.org
访问
cve.org
[hadoop-common-dev] 20200824 [jira] [Created] (HADOOP-17221) Upgrade log4j-1.2.17 to atlassian ( To Adress: CVE-2019-17571)
mailing-list
cve.org
访问
cve.org
[hadoop-common-issues] 20200824 [jira] [Updated] (HADOOP-17221) update log4j-1.2.17 to atlassian version( To Adress: CVE-2019-17571)
mailing-list
cve.org
访问
cve.org
[hadoop-common-issues] 20200824 [jira] [Created] (HADOOP-17221) Upgrade log4j-1.2.17 to atlassian ( To Adress: CVE-2019-17571)
mailing-list
cve.org
访问
cve.org
[hadoop-common-issues] 20200824 [jira] [Commented] (HADOOP-17221) update log4j-1.2.17 to atlassian version( To Address: CVE-2019-17571)
mailing-list
cve.org
访问
cve.org
[hadoop-common-issues] 20200824 [jira] [Comment Edited] (HADOOP-17221) update log4j-1.2.17 to atlassian version( To Address: CVE-2019-17571)
mailing-list
cve.org
访问
cve.org
USN-4495-1
vendor-advisory
cve.org
访问
cve.org
[zookeeper-dev] 20201103 [jira] [Created] (ZOOKEEPER-3990) Log4j 1.2.17 used by zookeeper 3.6.1 is vulnerable to CVE-2019-17571
mailing-list
cve.org
访问
cve.org
[zookeeper-issues] 20201103 [jira] [Created] (ZOOKEEPER-3990) Log4j 1.2.17 used by zookeeper 3.6.1 is vulnerable to CVE-2019-17571
mailing-list
cve.org
访问
cve.org
[zookeeper-issues] 20201103 [jira] [Resolved] (ZOOKEEPER-3990) Log4j 1.2.17 used by zookeeper 3.6.1 is vulnerable to CVE-2019-17571
mailing-list
cve.org
访问
cve.org
[pulsar-commits] 20201215 [GitHub] [pulsar] yanshuchong opened a new issue #8967: CVSS issue list
mailing-list
cve.org
访问
cve.org
[kafka-users] 20210210 Security: CVE-2019-17571 (log4j)
mailing-list
cve.org
访问
cve.org
[kafka-jira] 20210211 [GitHub] [kafka] ch4rl353y commented on pull request #7898: KAFKA-9366: Change log4j dependency into log4j2
mailing-list
cve.org
访问
cve.org
[mina-dev] 20210225 [jira] [Created] (FTPSERVER-500) Security vulnerability in common/lib/log4j-1.2.17.jar
mailing-list
cve.org
访问
cve.org
[tinkerpop-dev] 20210316 [jira] [Created] (TINKERPOP-2534) Log4j flagged as critical security violation
mailing-list
cve.org
访问
cve.org
[activemq-users] 20210427 Release date for ActiveMQ v5.16.2 to fix CVEs
mailing-list
cve.org
访问
cve.org
[activemq-users] 20210427 Re: Release date for ActiveMQ v5.16.2 to fix CVEs
mailing-list
cve.org
访问
cve.org
[kafka-dev] 20210611 Re: [DISCUSS] KIP-719: Add Log4J2 Appender
mailing-list
cve.org
访问
cve.org
无标题
x_refsource_MISC
cve.org
访问
cve.org
[kafka-users] 20210617 vulnerabilities
mailing-list
cve.org
访问
cve.org
[portals-pluto-scm] 20210629 [portals-pluto] branch master updated: PLUTO-787 Migrate from Log4j 1.x to Log4j 2.x due to CVE-2019-17571
mailing-list
cve.org
访问
cve.org
[portals-pluto-dev] 20210629 [jira] [Closed] (PLUTO-787) Migrate from Log4j 1.x to Log4j 2.x due to CVE-2019-17571
mailing-list
cve.org
访问
cve.org
[portals-pluto-dev] 20210629 [jira] [Updated] (PLUTO-787) Migrate from Log4j 1.x to Log4j 2.x due to CVE-2019-17571
mailing-list
cve.org
访问
cve.org
[portals-pluto-dev] 20210629 [jira] [Updated] (PLUTO-787) Migrate from Log4J and SLF4J dependencies due to CVE-2019-17571
mailing-list
cve.org
访问
cve.org
[activemq-users] 20210830 Security issues
mailing-list
cve.org
访问
cve.org
[activemq-users] 20210831 RE: Security issues
mailing-list
cve.org
访问
cve.org
[kafka-dev] 20210831 Security vulnerabilities in kafka:2.13-2.6.0/2.7.0 docker image
mailing-list
cve.org
访问
cve.org
[kafka-users] 20210831 Security vulnerabilities in kafka:2.13-2.6.0/2.7.0 docker image
mailing-list
cve.org
访问
cve.org
[kafka-users] 20210901 Re: [EXTERNAL] Re: Security vulnerabilities in kafka:2.13-2.6.0/2.7.0 docker image
mailing-list
cve.org
访问
cve.org
[kafka-dev] 20210901 Re: [EXTERNAL] Re: Security vulnerabilities in kafka:2.13-2.6.0/2.7.0 docker image
mailing-list
cve.org
访问
cve.org
[hadoop-common-issues] 20211006 [jira] [Commented] (HADOOP-17221) update log4j-1.2.17 to atlassian version( To Address: CVE-2019-17571)
mailing-list
cve.org
访问
cve.org
[bookkeeper-issues] 20211006 [GitHub] [bookkeeper] RaulGracia opened a new issue #2815: Upgrade to log4j2 to get rid of CVE-2019-17571
mailing-list
cve.org
访问
cve.org
[bookkeeper-issues] 20211006 [GitHub] [bookkeeper] RaulGracia opened a new pull request #2816: Issue 2815: Upgrade to log4j2 to get rid of CVE-2019-17571
mailing-list
cve.org
访问
cve.org
[bookkeeper-issues] 20211006 [GitHub] [bookkeeper] eolivelli commented on a change in pull request #2816: Issue 2815: Upgrade to log4j2 to get rid of CVE-2019-17571
mailing-list
cve.org
访问
cve.org
[bookkeeper-issues] 20211007 [GitHub] [bookkeeper] RaulGracia commented on pull request #2816: Issue 2815: Upgrade to log4j2 to get rid of CVE-2019-17571
mailing-list
cve.org
访问
cve.org
[bookkeeper-issues] 20211007 [GitHub] [bookkeeper] RaulGracia commented on a change in pull request #2816: Issue 2815: Upgrade to log4j2 to get rid of CVE-2019-17571
mailing-list
cve.org
访问
cve.org
[bookkeeper-issues] 20211007 [GitHub] [bookkeeper] eolivelli commented on a change in pull request #2816: Issue 2815: Upgrade to log4j2 to get rid of CVE-2019-17571
mailing-list
cve.org
访问
cve.org
[bookkeeper-issues] 20211013 [GitHub] [bookkeeper] eolivelli commented on pull request #2816: Issue 2815: Upgrade to log4j2 to get rid of CVE-2019-17571
mailing-list
cve.org
访问
cve.org
[bookkeeper-commits] 20211014 [bookkeeper] branch master updated: Issue 2815: Upgrade to log4j2 to get rid of CVE-2019-17571 (#2816)
mailing-list
cve.org
访问
cve.org
[bookkeeper-issues] 20211016 [GitHub] [bookkeeper] pkumar-singh commented on a change in pull request #2816: Issue 2815: Upgrade to log4j2 to get rid of CVE-2019-17571
mailing-list
cve.org
访问
cve.org
[bookkeeper-issues] 20211017 [GitHub] [bookkeeper] eolivelli commented on a change in pull request #2816: Issue 2815: Upgrade to log4j2 to get rid of CVE-2019-17571
mailing-list
cve.org
访问
cve.org
[bookkeeper-issues] 20211017 [GitHub] [bookkeeper] zymap commented on pull request #2816: Issue 2815: Upgrade to log4j2 to get rid of CVE-2019-17571
mailing-list
cve.org
访问
cve.org
[bookkeeper-issues] 20211018 [GitHub] [bookkeeper] RaulGracia commented on pull request #2816: Issue 2815: Upgrade to log4j2 to get rid of CVE-2019-17571
mailing-list
cve.org
访问
cve.org
无标题
x_refsource_MISC
cve.org
访问
cve.org
无标题
x_refsource_MISC
cve.org
访问
cve.org
CVSS评分详情
9.8
CRITICAL
CVSS向量:
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CVSS版本:
3.1
机密性
HIGH
完整性
HIGH
可用性
HIGH
时间信息
发布时间:
2019-12-20 16:01:21
修改时间:
2024-08-05 01:40:15
创建时间:
2025-11-11 15:35:39
更新时间:
2025-11-11 15:55:19
利用信息
暂无可利用代码信息
数据源详情
| 数据源 | 记录ID | 版本 | 提取时间 |
|---|---|---|---|
| CVE | cve_CVE-2019-17571 |
2025-11-11 15:20:05 | 2025-11-11 07:35:39 |
| NVD | nvd_CVE-2019-17571 |
2025-11-11 14:56:30 | 2025-11-11 07:44:10 |
| CNNVD | cnnvd_CNNVD-201912-950 |
2025-11-11 15:10:20 | 2025-11-11 07:55:19 |
版本与语言
当前版本:
v3
主要语言:
EN
支持语言:
EN
ZH
安全公告
暂无安全公告信息
变更历史
v3
CNNVD
2025-11-11 15:55:19
vulnerability_type: 未提取 → 代码问题; cnnvd_id: 未提取 → CNNVD-201912-950; data_sources: ['cve', 'nvd'] → ['cnnvd', 'cve', 'nvd']
查看详细变更
- vulnerability_type: 未提取 -> 代码问题
- cnnvd_id: 未提取 -> CNNVD-201912-950
- data_sources: ['cve', 'nvd'] -> ['cnnvd', 'cve', 'nvd']
v2
NVD
2025-11-11 15:44:10
severity: SeverityLevel.MEDIUM → SeverityLevel.CRITICAL; cvss_score: 未提取 → 9.8; cvss_vector: NOT_EXTRACTED → CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H; cvss_version: NOT_EXTRACTED → 3.1; affected_products_count: 1 → 28; data_sources: ['cve'] → ['cve', 'nvd']
查看详细变更
- severity: SeverityLevel.MEDIUM -> SeverityLevel.CRITICAL
- cvss_score: 未提取 -> 9.8
- cvss_vector: NOT_EXTRACTED -> CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
- cvss_version: NOT_EXTRACTED -> 3.1
- affected_products_count: 1 -> 28
- data_sources: ['cve'] -> ['cve', 'nvd']