CVE-2019-17571
Published: Dec 20, 2019
Modified: May 28, 2026
PUBLISHED
Description
Log4j 1.2 includes a SocketServer class that is vulnerable to deserialization of untrusted data. When the class listens for log data on untrusted network traffic, the flaw can be combined with a deserialization gadget to remotely execute arbitrary code. This affects Log4j 1.2 versions up to 1.2.17.
| Vendor | Product | Versions |
|---|---|---|
| Apache Software Foundation | Log4j | affected versions up to 1.2.17 |
Weaknesses (CWE)
References
[tika-dev] 20191230 [jira] [Created] (TIKA-3019) [9.8] [CVE-2019-17571] [tika-app] [1.23]
mailing-list
x_refsource_MLIST
[activemq-issues] 20191230 [jira] [Created] (AMQ-7372) [9.8] [CVE-2019-17571] [activemq-all] [5.15.10]
mailing-list
x_refsource_MLIST
[tika-dev] 20200106 [jira] [Commented] (TIKA-3019) [9.8] [CVE-2019-17571] [tika-app] [1.23]
mailing-list
x_refsource_MLIST
[tika-dev] 20200107 [jira] [Commented] (TIKA-3019) [9.8] [CVE-2019-17571] [tika-app] [1.23]
mailing-list
x_refsource_MLIST
[tika-dev] 20200108 [jira] [Commented] (TIKA-3019) [9.8] [CVE-2019-17571] [tika-app] [1.23]
mailing-list
x_refsource_MLIST
[tika-dev] 20200110 [jira] [Commented] (TIKA-3019) [9.8] [CVE-2019-17571] [tika-app] [1.23]
mailing-list
x_refsource_MLIST
[debian-lts-announce] 20200112 [SECURITY] [DLA 2065-1] apache-log4j1.2 security update
mailing-list
x_refsource_MLIST
openSUSE-SU-2020:0051
vendor-advisory
x_refsource_SUSE
[tika-dev] 20200114 [jira] [Commented] (TIKA-3019) [9.8] [CVE-2019-17571] [tika-app] [1.23]
mailing-list
x_refsource_MLIST
[tika-dev] 20200115 [jira] [Commented] (TIKA-3019) [9.8] [CVE-2019-17571] [tika-app] [1.23]
mailing-list
x_refsource_MLIST
[zookeeper-dev] 20200118 Build failed in Jenkins: zookeeper-master-maven-owasp #329
mailing-list
x_refsource_MLIST
[activemq-issues] 20200122 [jira] [Assigned] (AMQ-7372) [9.8] [CVE-2019-17571] [activemq-all] [5.15.10]
mailing-list
x_refsource_MLIST
[activemq-issues] 20200122 [jira] [Updated] (AMQ-7372) [9.8] [CVE-2019-17571] [activemq-all] [5.15.10]
mailing-list
x_refsource_MLIST
[activemq-issues] 20200122 [jira] [Resolved] (AMQ-7372) [9.8] [CVE-2019-17571] [activemq-all] [5.15.10]
mailing-list
x_refsource_MLIST
[zookeeper-user] 20200201 Re: Zookeeper 3.5.6 supports log4j 2.x?
mailing-list
x_refsource_MLIST
[jena-dev] 20200318 Re: Logging (JENA-1005)
mailing-list
x_refsource_MLIST
[druid-commits] 20200406 [GitHub] [druid] ccaominh commented on issue #9579: Add Apache Ranger Authorization
mailing-list
x_refsource_MLIST
DSA-4686
vendor-advisory
x_refsource_DEBIAN
https://www.oracle.com/security-alerts/cpuapr2020.html
x_refsource_MISC
https://www.oracle.com/security-alerts/cpujul2020.html
x_refsource_MISC
https://security.netapp.com/advisory/ntap-20200110-0001/
x_refsource_CONFIRM
USN-4495-1
vendor-advisory
x_refsource_UBUNTU
[pulsar-commits] 20201215 [GitHub] [pulsar] yanshuchong opened a new issue #8967: CVSS issue list
mailing-list
x_refsource_MLIST
[kafka-users] 20210210 Security: CVE-2019-17571 (log4j)
mailing-list
x_refsource_MLIST
[mina-dev] 20210225 [jira] [Created] (FTPSERVER-500) Security vulnerability in common/lib/log4j-1.2.17.jar
mailing-list
x_refsource_MLIST
[tinkerpop-dev] 20210316 [jira] [Created] (TINKERPOP-2534) Log4j flagged as critical security violation
mailing-list
x_refsource_MLIST
[activemq-users] 20210427 Release date for ActiveMQ v5.16.2 to fix CVEs
mailing-list
x_refsource_MLIST
[activemq-users] 20210427 Re: Release date for ActiveMQ v5.16.2 to fix CVEs
mailing-list
x_refsource_MLIST
[kafka-dev] 20210611 Re: [DISCUSS] KIP-719: Add Log4J2 Appender
mailing-list
x_refsource_MLIST
https://www.oracle.com/security-alerts/cpuApr2021.html
x_refsource_MISC
[kafka-users] 20210617 vulnerabilities
mailing-list
x_refsource_MLIST
[portals-pluto-dev] 20210629 [jira] [Closed] (PLUTO-787) Migrate from Log4j 1.x to Log4j 2.x due to CVE-2019-17571
mailing-list
x_refsource_MLIST
[portals-pluto-dev] 20210629 [jira] [Updated] (PLUTO-787) Migrate from Log4j 1.x to Log4j 2.x due to CVE-2019-17571
mailing-list
x_refsource_MLIST
[activemq-users] 20210830 Security issues
mailing-list
x_refsource_MLIST
[activemq-users] 20210831 RE: Security issues
mailing-list
x_refsource_MLIST
[kafka-dev] 20210831 Security vulnerabilities in kafka:2.13-2.6.0/2.7.0 docker image
mailing-list
x_refsource_MLIST
[kafka-users] 20210831 Security vulnerabilities in kafka:2.13-2.6.0/2.7.0 docker image
mailing-list
x_refsource_MLIST
[kafka-users] 20210901 Re: [EXTERNAL] Re: Security vulnerabilities in kafka:2.13-2.6.0/2.7.0 docker image
mailing-list
x_refsource_MLIST
[kafka-dev] 20210901 Re: [EXTERNAL] Re: Security vulnerabilities in kafka:2.13-2.6.0/2.7.0 docker image
mailing-list
x_refsource_MLIST
https://www.oracle.com/security-alerts/cpuapr2022.html
x_refsource_MISC
https://www.oracle.com/security-alerts/cpujul2022.html
x_refsource_MISC