CVE-2019-17571: Deserialization of untrusted data in SocketServer
Severity: Critical
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/RL:W
Product: Apache Log4j
Versions Affected: Apache Log4j up to and including 1.2.27. Separately fixed by
CVE-2017-5645 in Log4j 2.8.2.
Problem type: CWE-502: Deser

Thanks for the link, nice write up :-)
Gary
On Tue, Dec 17, 2019, 00:58 Apache wrote:
> I thought you all might be interested in this -
> https://www.ralphgoers.com/home/why-was-log4j-2-created. I plan to write
> a few entries on what is new in Log4J.
>
> Ralph