Signature Detail

This site is deprecated. Please CLICK HERE for latest updates

Short Name	APP:MISC:APACHELOG4J-SKTSVR-RCE
Severity	Major
Recommended	Yes
Recommended Action	Drop
Category	APP
Keywords	Apache Log4j SocketServer Untrusted Deserialization
Release Date	2020/02/18
Update Number	3255
Supported Platforms	idp-4.0+, isg-3.0+, j-series-9.5+, mx-11.4+, srx-12.1+, srx-branch-12.1+, vmx-17.4+, vsrx-12.1+, vsrx3bsd-18.2+

APP: Apache Log4j SocketServer Untrusted Deserialization

This signature detects attempts to exploit a known vulnerability against the SocketServer class of Apache Log4j. A successful attack can lead to arbitrary code execution.

Extended Description

Included in Log4j 1.2 is a SocketServer class that is vulnerable to deserialization of untrusted data which can be exploited to remotely execute arbitrary code when combined with a deserialization gadget when listening to untrusted network traffic for log data. This affects Log4j versions up to 1.2 up to 1.2.17.

Affected Products

Apache log4j 1.2
Apache log4j 1.2.1
Apache log4j 1.2.10
Apache log4j 1.2.11
Apache log4j 1.2.12
Apache log4j 1.2.13
Apache log4j 1.2.14
Apache log4j 1.2.15
Apache log4j 1.2.16
Apache log4j 1.2.17
Apache log4j 1.2.2
Apache log4j 1.2.3
Apache log4j 1.2.4
Apache log4j 1.2.5
Apache log4j 1.2.6
Apache log4j 1.2.7
Apache log4j 1.2.8
Apache log4j 1.2.9

References

CVE: CVE-2019-17571

Signature Detail

This site is deprecated. Please CLICK HERE for latest updates

Short Name

Severity

Recommended

Recommended Action

Category

Keywords

Release Date

Update Number

Supported Platforms

APP: Apache Log4j SocketServer Untrusted Deserialization

Extended Description

Affected Products

References