Show filters
1 Total Results
Displaying 1-1 of 1
Sort by:
Attacker Value
Moderate

CVE-2019-17571

Disclosure Date: December 20, 2019 (last updated November 08, 2023)
Included in Log4j 1.2 is a SocketServer class that is vulnerable to deserialization of untrusted data which can be exploited to remotely execute arbitrary code when combined with a deserialization gadget when listening to untrusted network traffic for log data. This affects Log4j versions up to 1.2 up to 1.2.17.