CVE-2023-26464

Published: 10/03/2023 Updated: 23/10/2024
CVSS v3 Base Score: 7.5 | Impact Score: 3.6 | Exploitability Score: 3.9
VMScore: 0

Vulnerability Summary

Denial of Service Vulnerability in Unsupported Apache Log4j 1.x Components

Log4j 1.x is vulnerable when the Chainsaw or SocketAppender components are used on a JRE under 1.7. An attacker can create a logging entry containing a specially crafted, deeply nested hashmap or hashtable. Deserializing that entry can exhaust the virtual machine's memory, causing a Denial of Service. This affects Apache Log4j versions before 2. Users should update to Log4j 2.x. Note: This issue only affects products that are no longer supported.

Vulnerable Product

apache log4j

Vendor Advisories

Synopsis: Important: Red Hat JBoss Enterprise Application Platform 7.4.13 security update. Type/Severity: Security Advisory: Important. Topic: A security update is now available for Red Hat JBoss Enterprise Application Platform 7.4. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scori ...

Synopsis: Important: Red Hat JBoss Enterprise Application Platform 7.4.13 security update on RHEL 7. Type/Severity: Security Advisory: Important. Topic: A security update is now available for Red Hat JBoss Enterprise Applicatio ...

Synopsis: Important: Red Hat JBoss Enterprise Application Platform 7.4.13 security update on RHEL 8. Type/Severity: Security Advisory: Important. Topic: A security update is now available for Red Hat JBoss Enterprise Applicatio ...

Synopsis: Important: Red Hat JBoss Enterprise Application Platform 7.4.13 security update on RHEL 9. Type/Severity: Security Advisory: Important. Topic: A security update is now available for Red Hat JBoss Enterprise Applicatio ...

Synopsis: Important: jenkins and jenkins-2-plugins security update. Type/Severity: Security Advisory: Important. Topic: An update for jenkins and jenkins-2-plugins is now available for OpenShift Developer Tools and Services for ...