CVE-2020-9488

Description:
Improper validation of certificate with host mismatch in Apache Log4j SMTP appender. This could allow an SMTPS connection to be intercepted by a man-in-the-middle attack which could leak any log messages sent through that appender.

CWE: CWE-295

CVSS score
CVSS 2: MEDIUM – 4.3 (Version: 2.0)
CVSS 3: LOW – 3.7 (Version: 3.1)

Links:

NVD – CVE-2020-9488
CVE – CVE-2020-9488

Link (max. 20) Source Tags
https://issues.apache.org/jira/browse/LOG4J2-2819 CONFIRM Issue Tracking Mitigation Patch Vendor Advisory
[zookeeper-issues] 20200504 [jira] [Created] (ZOOKEEPER-3817) owasp failing due to CVE-2020-9488 MLIST Mailing List Vendor Advisory
[zookeeper-dev] 20200504 [jira] [Created] (ZOOKEEPER-3817) owasp failing due to CVE-2020-9488 MLIST Mailing List Vendor Advisory
https://security.netapp.com/advisory/ntap-20200504-0003/ CONFIRM Third Party Advisory Third Party Advisory
[zookeeper-notifications] 20200504 Build failed in Jenkins: zookeeper-master-maven-owasp #489 MLIST Mailing List Vendor Advisory
[zookeeper-issues] 20200504 [jira] [Commented] (ZOOKEEPER-3817) owasp failing due to CVE-2020-9488 MLIST Mailing List Vendor Advisory
[zookeeper-dev] 20200504 log4j SmtpAppender related CVE MLIST Mailing List Vendor Advisory
[zookeeper-issues] 20200504 [jira] [Assigned] (ZOOKEEPER-3817) owasp failing due to CVE-2020-9488 MLIST Mailing List Vendor Advisory
[zookeeper-notifications] 20200504 [GitHub] [zookeeper] symat opened a new pull request #1346: ZOOKEEPER-3817: suppress log4j SmtpAppender related CVE-2020-9488 MLIST Mailing List Vendor Advisory
[zookeeper-issues] 20200504 [jira] [Updated] (ZOOKEEPER-3817) owasp failing due to CVE-2020-9488 MLIST Mailing List Vendor Advisory
[zookeeper-commits] 20200504 [zookeeper] branch branch-3.6 updated: ZOOKEEPER-3817: suppress log4j SmtpAppender related CVE-2020-9488 MLIST Mailing List Patch Vendor Advisory
[zookeeper-notifications] 20200504 [GitHub] [zookeeper] symat commented on pull request #1346: ZOOKEEPER-3817: suppress log4j SmtpAppender related CVE-2020-9488 MLIST Mailing List Vendor Advisory
[zookeeper-commits] 20200504 [zookeeper] branch master updated: ZOOKEEPER-3817: suppress log4j SmtpAppender related CVE-2020-9488 MLIST Mailing List Patch Vendor Advisory
[zookeeper-commits] 20200504 [zookeeper] branch branch-3.5 updated: ZOOKEEPER-3817: suppress log4j SmtpAppender related CVE-2020-9488 MLIST Mailing List Patch Vendor Advisory
[zookeeper-issues] 20200504 [jira] [Resolved] (ZOOKEEPER-3817) owasp failing due to CVE-2020-9488 MLIST Mailing List Vendor Advisory
[kafka-dev] 20200514 [jira] [Created] (KAFKA-9996) upgrade zookeeper to 3.5.8 to address security vulnerabilities MLIST Mailing List Vendor Advisory
[kafka-jira] 20200514 [jira] [Created] (KAFKA-9996) upgrade zookeeper to 3.5.8 to address security vulnerabilities MLIST Mailing List Vendor Advisory
[kafka-dev] 20200514 [jira] [Created] (KAFKA-9997) upgrade log4j lib to address CVE-2020-9488 MLIST Mailing List Vendor Advisory
[kafka-jira] 20200514 [jira] [Created] (KAFKA-9997) upgrade log4j lib to address CVE-2020-9488 MLIST Mailing List Vendor Advisory
[kafka-jira] 20200515 [jira] [Commented] (KAFKA-9997) upgrade log4j lib to address CVE-2020-9488 MLIST Mailing List Vendor Advisory

Source: NVD – CVE-2020-9488
Publication date: 2020-04-27T16:15Z, last modified: 2021-05-10T11:15Z