CVE-2020-9488
Published: Apr 27, 2020
Modified: May 29, 2026
PUBLISHED
Description
Improper validation of certificate with host mismatch in Apache Log4j SMTP appender. This could allow an SMTPS connection to be intercepted by a man-in-the-middle attack which could leak any log messages sent through that appender. Fixed in Apache Log4j 2.12.3 and 2.13.1.
| Vendor | Product | Versions |
|---|---|---|
| Apache | Apache Log4j | affected: log4j-core 2.13.0; affected: log4j-core < 2.12.3 |
References
[zookeeper-issues] 20200504 [jira] [Created] (ZOOKEEPER-3817) owasp failing due to CVE-2020-9488
mailing-list
x_refsource_MLIST
[zookeeper-dev] 20200504 [jira] [Created] (ZOOKEEPER-3817) owasp failing due to CVE-2020-9488
mailing-list
x_refsource_MLIST
[zookeeper-notifications] 20200504 Build failed in Jenkins: zookeeper-master-maven-owasp #489
mailing-list
x_refsource_MLIST
[zookeeper-issues] 20200504 [jira] [Assigned] (ZOOKEEPER-3817) owasp failing due to CVE-2020-9488
mailing-list
x_refsource_MLIST
[zookeeper-issues] 20200504 [jira] [Commented] (ZOOKEEPER-3817) owasp failing due to CVE-2020-9488
mailing-list
x_refsource_MLIST
[zookeeper-dev] 20200504 log4j SmtpAppender related CVE
mailing-list
x_refsource_MLIST
[zookeeper-issues] 20200504 [jira] [Updated] (ZOOKEEPER-3817) owasp failing due to CVE-2020-9488
mailing-list
x_refsource_MLIST
[zookeeper-issues] 20200504 [jira] [Resolved] (ZOOKEEPER-3817) owasp failing due to CVE-2020-9488
mailing-list
x_refsource_MLIST
[kafka-dev] 20200514 [jira] [Created] (KAFKA-9996) upgrade zookeeper to 3.5.8 to address security vulnerabilities
mailing-list
x_refsource_MLIST
[kafka-jira] 20200514 [jira] [Created] (KAFKA-9996) upgrade zookeeper to 3.5.8 to address security vulnerabilities
mailing-list
x_refsource_MLIST
[kafka-dev] 20200514 [jira] [Created] (KAFKA-9997) upgrade log4j lib to address CVE-2020-9488
mailing-list
x_refsource_MLIST
[kafka-jira] 20200514 [jira] [Created] (KAFKA-9997) upgrade log4j lib to address CVE-2020-9488
mailing-list
x_refsource_MLIST
[kafka-jira] 20200515 [jira] [Commented] (KAFKA-9997) upgrade log4j lib to address CVE-2020-9488
mailing-list
x_refsource_MLIST
https://www.oracle.com/security-alerts/cpujul2020.html
x_refsource_MISC
https://issues.apache.org/jira/browse/LOG4J2-2819
x_refsource_CONFIRM
https://security.netapp.com/advisory/ntap-20200504-0003/
x_refsource_CONFIRM
[db-torque-dev] 20200715 Build failed in Jenkins: Torque4-trunk #685
mailing-list
x_refsource_MLIST
https://www.oracle.com/security-alerts/cpuoct2020.html
x_refsource_MISC
[hive-issues] 20201207 [jira] [Assigned] (HIVE-24500) Hive - upgrade log4j 2.12.1 to 2.13.2+ due to CVE-2020-9488
mailing-list
x_refsource_MLIST
[hive-issues] 20201207 [jira] [Updated] (HIVE-24500) Hive - upgrade log4j 2.12.1 to 2.13.2+ due to CVE-2020-9488
mailing-list
x_refsource_MLIST
[hive-dev] 20201207 [jira] [Created] (HIVE-24500) Hive - upgrade log4j 2.12.1 to 2.13.2+ due to CVE-2020-9488
mailing-list
x_refsource_MLIST
[hive-issues] 20201208 [jira] [Work logged] (HIVE-24500) Hive - upgrade log4j 2.12.1 to 2.13.2+ due to CVE-2020-9488
mailing-list
x_refsource_MLIST
[hive-issues] 20201208 [jira] [Updated] (HIVE-24500) Hive - upgrade log4j 2.12.1 to 2.13.2+ due to CVE-2020-9488
mailing-list
x_refsource_MLIST
[pulsar-commits] 20201215 [GitHub] [pulsar] yanshuchong opened a new issue #8967: CVSS issue list
mailing-list
x_refsource_MLIST
https://www.oracle.com/security-alerts/cpujan2021.html
x_refsource_MISC
[hive-issues] 20210125 [jira] [Work logged] (HIVE-24500) Hive - upgrade log4j 2.12.1 to 2.13.2+ due to CVE-2020-9488
mailing-list
x_refsource_MLIST
[db-torque-dev] 20210127 Re: Items for our (delayed) quarterly report to the board?
mailing-list
x_refsource_MLIST
[db-torque-dev] 20210128 Antwort: Re: Items for our (delayed) quarterly report to the board?
mailing-list
x_refsource_MLIST
[hive-issues] 20210209 [jira] [Resolved] (HIVE-24500) Hive - upgrade log4j 2.12.1 to 2.13.2+ due to CVE-2020-9488
mailing-list
x_refsource_MLIST
[hive-dev] 20210216 [jira] [Created] (HIVE-24787) Hive - upgrade log4j 2.12.1 to 2.13.2+ due to CVE-2020-9488
mailing-list
x_refsource_MLIST
[hive-issues] 20210216 [jira] [Resolved] (HIVE-24787) Hive - upgrade log4j 2.12.1 to 2.13.2+ due to CVE-2020-9488
mailing-list
x_refsource_MLIST
[hive-issues] 20210216 [jira] [Assigned] (HIVE-24787) Hive - upgrade log4j 2.12.1 to 2.13.2+ due to CVE-2020-9488
mailing-list
x_refsource_MLIST
[hive-issues] 20210218 [jira] [Updated] (HIVE-24787) Hive - upgrade log4j 2.12.1 to 2.13.2+ due to CVE-2020-9488
mailing-list
x_refsource_MLIST
[mina-dev] 20210225 [jira] [Created] (FTPSERVER-500) Security vulnerability in common/lib/log4j-1.2.17.jar
mailing-list
x_refsource_MLIST
https://www.oracle.com/security-alerts/cpuApr2021.html
x_refsource_MISC
[kafka-users] 20210617 vulnerabilities
mailing-list
x_refsource_MLIST
https://www.oracle.com/security-alerts/cpuoct2021.html
x_refsource_MISC
DSA-5020
vendor-advisory
x_refsource_DEBIAN
[debian-lts-announce] 20211226 [SECURITY] [DLA 2852-1] apache-log4j2 security update
mailing-list
x_refsource_MLIST
https://www.oracle.com/security-alerts/cpuapr2022.html
x_refsource_MISC