CVE-2019-17571 vulnerability in Apache and Other Products
Published on December 20, 2019
CVE-2019-17571 can be exploited with network access, and does not require authorization privileges or user interaction. This vulnerability is considered to have a low attack complexity. It has the highest possible exploitability rating (3.9). The potential impact of an exploit of this vulnerability is considered to be critical as this vulnerability has a high impact to the confidentiality, integrity and availability of this component.
What is a Marshaling, Unmarshaling Vulnerability?
The application deserializes untrusted data without sufficiently verifying that the resulting data will be valid.
CVE-2019-17571 has been classified to as a Marshaling, Unmarshaling vulnerability or weakness.
Products Associated with CVE-2019-17571
You can be notified by stack.watch whenever vulnerabilities like CVE-2019-17571 are published in these products:
What versions are vulnerable to CVE-2019-17571?
- Apache Log4j Up to Version 1.2.17
- Debian Linux Version 8.0
- Debian Linux Version 9.0
- Debian Linux Version 10.0
- Canonical Ubuntu Linux Version 18.04
- OpenSuse Leap Version 15.1
- NetApp Oncommand Workflow Automation Version -
- NetApp Oncommand System Manager Version 3.0 through 3.1.3
- Oracle Retail Service Backbone Version 14.1
- Oracle Weblogic Server Version 220.127.116.11.0
- Oracle Retail Service Backbone Version 15.0
- Oracle Weblogic Server Version 10.3.6.0.0
- Oracle Weblogic Server Version 18.104.22.168.0
- Oracle Application Testing Suite Version 22.214.171.124
- Oracle Endeca Information Discovery Studio Version 3.2.0
- Oracle Weblogic Server Version 126.96.36.199.0
- Oracle Weblogic Server Version 188.8.131.52.0
- Oracle Rapid Planning Version 12.1
- Oracle Rapid Planning Version 12.2
- Oracle Financial Services Lending Leasing Version 14.1.0 through 14.8.0
- Oracle Financial Services Lending Leasing Version 12.5.0
- Oracle Communications Network Integrity Version 7.3.2 through 7.3.6
- Oracle Primavera Gateway Version 16.2 through 16.2.11
- Oracle Primavera Gateway Version 17.12.0 through 17.12.7
- Oracle Retail Service Backbone Version 16.0
- Oracle Retail Extract Transform Load Version 19.0
- Oracle Mysql Enterprise Monitor Up to Version 8.0.29
- Apache Bookkeeper Fixed in Version 4.14.3