CVE-2019-17571
Get alerts for future matching vulnerabilitiesLog in to subscribe
I. Basic Information for CVE-2019-17571
Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗ Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Description
Included in Log4j 1.2 is a SocketServer class that is vulnerable to deserialization of untrusted data which can be exploited to remotely execute arbitrary code when combined with a deserialization gadget when listening to untrusted network traffic for log data. This affects Log4j versions up to 1.2 up to 1.2.17.
Source: NVD (National Vulnerability Database)
CVSS Information
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Type
可信数据的反序列化
Source: NVD (National Vulnerability Database)
Vulnerability Title
Apache Log4j 代码问题漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
Apache Log4j是美国阿帕奇(Apache)基金会的一款基于Java的开源日志记录工具。 Apache Log4j 1.2版本中存在代码问题漏洞。攻击者可利用该漏洞执行代码。
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)
Affected Products
| Vendor | Product | Affected Versions | CPE | Subscribe |
|---|---|---|---|---|
| Apache Software Foundation | Log4j | versions up to 1.2.17 | - |
II. Public POCs for CVE-2019-17571
| # | POC Description | Source Link | Shenlong Link |
|---|---|---|---|
| 1 | Apache Log4j 1.2.X存在反序列化远程代码执行漏洞 | https://github.com/shadow-horse/CVE-2019-17571 | POC Details |
| 2 | Environment for CVE_2019_17571 | https://github.com/Al1ex/CVE-2019-17571 | POC Details |
AI-Generated POCPremium
No public POC found.
Login to generate AI POCIII. Intelligence Information for CVE-2019-17571
请登录查看更多情报信息。
- https://www.oracle.com/security-alerts/cpuApr2021.htmlx_refsource_MISC
- https://security.netapp.com/advisory/ntap-20200110-0001/x_refsource_CONFIRM
- https://www.oracle.com/security-alerts/cpujul2020.htmlx_refsource_MISC
- https://www.oracle.com/security-alerts/cpujul2022.htmlx_refsource_MISC
- https://www.oracle.com/security-alerts/cpuapr2020.htmlx_refsource_MISC
- https://www.oracle.com/security-alerts/cpuapr2022.htmlx_refsource_MISC
- http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00022.htmlvendor-advisoryx_refsource_SUSE
- [jira] [Created] (FTPSERVER-500) Security vulnerability in common/lib/log4j-1.2.17.jar-Apache Mail Archivesmailing-listx_refsource_MLIST
- https://nvd.nist.gov/vuln/detail/CVE-2019-17571
IV. Related Vulnerabilities
Same vendor: Apache Software Foundation
- CVE-2026-35194
Apache Flink: Remote code execution via SQL injection in cod - CVE-2026-45205
Apache Commons Configuration: StackOverflowError for YAML in - CVE-2026-43515
Apache Tomcat: Security constraints not correctly applied - CVE-2026-43514
Apache Tomcat: AJP secret compared in non-constant time - CVE-2026-43513
Apache Tomcat: LockOutRealm treats user names as case-sensit
Same weakness: CWE-502
- CVE-2026-44501
DataHub OIDC REDIRECT_URL Cookie Deserialization Vulnerabili - CVE-2026-1184
Deserialization of Untrusted Data in GitLab - CVE-2026-41957
BIG-IP and BIG-IQ Configuration utility vulnerability - CVE-2026-7635
coreActivity: Activity Logging for WordPress <= 3.0 - Unauth - CVE-2026-34659
Adobe Connect | Deserialization of Untrusted Data (CWE-502)
V. Comments for CVE-2019-17571
No comments yet