Apache Software Foundation Log4j 2.0 Beta8

CPE Details

Apache Software Foundation Log4j 2.0 Beta8
apache
log4j
2.0
2017-04-24
22h51 +00:00
2017-04-24
22h51 +00:00
CPE NVD
Alerte pour un CPE
Stay informed of any changes for a specific CPE.
Notifications manage

CPE Name: cpe:2.3:a:apache:log4j:2.0:beta8:*:*:*:*:*:*

Informations

Vendor

apache

Product

log4j

Version

2.0

Update

beta8

Related CVE

Open and find in CVE List

CVE ID Published Description Score Severity
CVE-2021-44832 2021-12-28 18h35 +00:00 Apache Log4j2 versions 2.0-beta7 through 2.17.0 (excluding security fix releases 2.3.2 and 2.12.4) are vulnerable to a remote code execution (RCE) attack when a configuration uses a JDBC Appender with a JNDI LDAP data source URI when an attacker has control of the target LDAP server. This issue is fixed by limiting JNDI data source names to the java protocol in Log4j2 versions 2.17.1, 2.12.4, and 2.3.2.
6.6
Medium
CVE-2021-45105 2021-12-18 10h55 +00:00 Apache Log4j2 versions 2.0-alpha1 through 2.16.0 (excluding 2.12.3 and 2.3.1) did not protect from uncontrolled recursion from self-referential lookups. This allows an attacker with control over Thread Context Map data to cause a denial of service when a crafted string is interpreted. This issue was fixed in Log4j 2.17.0, 2.12.3, and 2.3.1.
5.9
Medium
CVE-2020-9488 2020-04-27 13h36 +00:00 Improper validation of certificate with host mismatch in Apache Log4j SMTP appender. This could allow an SMTPS connection to be intercepted by a man-in-the-middle attack which could leak any log messages sent through that appender. Fixed in Apache Log4j 2.12.3 and 2.13.1
3.7
Low
CVE-2017-5645 2017-04-17 19h00 +00:00 In Apache Log4j 2.x before 2.8.2, when using the TCP socket server or UDP socket server to receive serialized log events from another application, a specially crafted binary payload can be sent that, when deserialized, can execute arbitrary code.
9.8
Critical