Loading...

XML

Word

Printable

Type: Bug
Resolution: Fixed
Priority: Highest
Fix Version/s: 6.6.18, 7.4.1, 7.5.1, 7.6.0
Affects Version/s: 7.3.0, 7.4.0
Component/s: Server - Platform
Labels:

Fixed in Long Term Support Release/s:

Download 6.6, 7.4
Symptom Severity:
Severity 2 - Major

Issue Summary

Arbitrary Code Execution in confserver/confluence (master)

Steps to Reproduce

Vulnerability: Arbitrary Code Execution
Severity: High
Project: confserver/confluence
Branch: master
Scan Date: Unknown
Vulnerability ID: CVE-2019-17571

log4j-core is vulnerable to arbitrary code execution. Deserialization of untrusted data in `TcpSocketServer` and `UdpSocketServer` when listening for log data allows an attacker to execute arbitrary code via a malicious deserialization gadget.

View more details

Expected Results

N/A

Actual Results

N/A

Workaround

N/A

mentioned in: Page Loading...; Page Loading...; Page Loading...; Page Loading...; Page Loading...; Page Loading...; Page Loading...; Page Loading...; Page Loading...; Page Loading...

(5 mentioned in)

Assignee:: Hasnae (Inactive)
Reporter:: Andrei Khudavets
Votes:: 1 Vote for this issue
Watchers:: 15 Start watching this issue

Due:: 07/Jun/2020
Created:: 02/Mar/2020 3:58 AM
Updated:: 07/Jul/2022 7:58 PM
Resolved:: 05/Jun/2020 10:13 AM

Details

Description

Issue Summary

Steps to Reproduce

Expected Results

Actual Results

Workaround

Attachments

Issue Links

Activity

People

Dates