** UNSUPPORTED WHEN ASSIGNED ** When using the Chainsaw or SocketAppender components with Log4j 1.x on JRE less than 1.7, an attacker that manages to cause a logging entry involving a specially-crafted (ie, deeply nested) hashmap or hashtable (depending on which logging component is in use) to be processed could exhaust the available memory in the virtual machine and achieve Denial of Service when the object is deserialized. This issue affects Apache Log4j before 2. Affected users are recommended to update to Log4j 2.x. NOTE: This vulnerability only affects products that are no longer supported by the maintainer.
History

Mon, 25 Nov 2024 14:45:00 +0000

Type Values Removed Values Added
First Time appeared Redhat jboss Enterprise Application Platform Eus
CPEs cpe:/a:redhat:jboss_enterprise_application_platform_eus:7.1::el7
cpe:/a:redhat:jboss_enterprise_application_platform_eus:7.3::el7
Vendors & Products Redhat jboss Enterprise Application Platform Eus

Wed, 23 Oct 2024 17:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


cve-icon MITRE

Status: PUBLISHED

Assigner: apache

Published: 2023-03-10T13:38:16.190Z

Updated: 2024-10-23T16:40:55.981Z

Reserved: 2023-02-23T16:15:06.902Z

Link: CVE-2023-26464

cve-icon Vulnrichment

Updated: 2024-08-02T11:53:52.958Z

cve-icon NVD

Status : Modified

Published: 2023-03-10T14:15:10.453

Modified: 2024-11-21T07:51:33.113

Link: CVE-2023-26464

cve-icon Redhat

Severity : Important

Publid Date: 2023-03-15T00:00:00Z

Links: CVE-2023-26464 - Bugzilla