Denial of Service Vulnerability in Unsupported Apache Log4j 1.x Components
Log4j 1.x is vulnerable when Chainsaw or SocketAppender is used on a JRE older than 1.7. An attacker who can create a logging entry containing a specially crafted, deeply nested hashmap or hashtable can exhaust the virtual machine's memory when that entry is deserialized, causing a Denial of Service. This affects Apache Log4j versions before 2. Users should update to Log4j 2.x. Note: This issue only affects products that are no longer supported.
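To check whether a deployment meets the conditions described above, the following added example (not part of the original entry or of Log4j) scans a Log4j 1.x properties-format configuration for SocketAppender and tests a `java.version` string against the 1.7 threshold. The function names and the sample configuration are constructed for illustration; Chainsaw is started as a separate application, so this check does not cover it.

```python
import re

# Fully qualified class name of the Log4j 1.x appender the entry names.
SOCKET_APPENDER = "org.apache.log4j.net.SocketAppender"

# Matches "log4j.appender.<name>=<class>" but not "log4j.appender.<name>.<option>=...".
APPENDER_RE = re.compile(r"^\s*log4j\.appender\.([^.=:\s]+)\s*[=:]\s*(\S+)")

# Constructed sample configuration (the hostname is a placeholder).
SAMPLE_PROPERTIES = """\
log4j.rootLogger=INFO, console, remote
log4j.appender.console=org.apache.log4j.ConsoleAppender
# log4j.appender.old=org.apache.log4j.net.SocketAppender
log4j.appender.remote=org.apache.log4j.net.SocketAppender
log4j.appender.remote.RemoteHost=loghost.example.internal
log4j.appender.remote.Port=4560
"""

def socket_appenders(properties_text):
    """Return the names of appenders whose class is SocketAppender."""
    names = []
    for line in properties_text.splitlines():
        if line.lstrip().startswith(("#", "!")):  # properties-file comment lines
            continue
        m = APPENDER_RE.match(line)
        if m and m.group(2) == SOCKET_APPENDER:
            names.append(m.group(1))
    return names

def jre_below_1_7(java_version):
    """True for java.version strings older than 1.7, e.g. '1.6.0_45'."""
    m = re.match(r"(\d+)(?:\.(\d+))?", java_version.strip())
    if not m:
        raise ValueError("unrecognised java.version: %r" % java_version)
    return (int(m.group(1)), int(m.group(2) or 0)) < (1, 7)

def matches_entry(properties_text, java_version):
    """Both conditions from the entry: SocketAppender in use and JRE under 1.7."""
    return bool(socket_appenders(properties_text)) and jre_below_1_7(java_version)

if __name__ == "__main__":
    print(socket_appenders(SAMPLE_PROPERTIES))
    print(matches_entry(SAMPLE_PROPERTIES, "1.6.0_45"))
```

A match only confirms the two conditions the entry lists; the remediation stays the same either way, which is to update to Log4j 2.x.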
Vulnerable Product |
---|
apache log4j |