Vulnerability Description

On December 19 local time, Apache Software Foundation (ASF) officially released a security advisory, announcing that Apache Log4j has a deserialization issue that could cause remote code execution (CVE-2019-17571). Log4j is a Java-based open-source logging tool from the Apache Software Foundation. Log4j 1.2 includes a SocketServer class which can easily accept serialized log events and deserialize them without authentication. With the aid of deserialization tools, an attacker could use this class to remotely execute arbitrary code. (mais…)