CVE-2019-17571 vulnerability in Apache and Other Products
Published on December 20, 2019






Vulnerability Analysis
CVE-2019-17571 can be exploited with network access, and does not require authorization privileges or user interaction. This vulnerability is considered to have a low attack complexity. It has the highest possible exploitability rating (3.9). The potential impact of an exploit of this vulnerability is considered to be critical as this vulnerability has a high impact to the confidentiality, integrity and availability of this component.
What is a Marshaling, Unmarshaling Vulnerability?
The application deserializes untrusted data without sufficiently verifying that the resulting data will be valid.
CVE-2019-17571 has been classified to as a Marshaling, Unmarshaling vulnerability or weakness.
Products Associated with CVE-2019-17571
You can be notified by stack.watch whenever vulnerabilities like CVE-2019-17571 are published in these products:
What versions are vulnerable to CVE-2019-17571?
-
Apache Log4j Up to Version 1.2.17
-
Debian Linux Version 8.0
-
Debian Linux Version 9.0
-
Debian Linux Version 10.0
-
Canonical Ubuntu Linux Version 18.04
-
OpenSuse Leap Version 15.1
-
NetApp Oncommand Workflow Automation Version -
-
NetApp Oncommand System Manager Version 3.0 through 3.1.3
-
Oracle Retail Service Backbone Version 14.1
-
Oracle Weblogic Server Version 12.1.3.0.0
-
Oracle Retail Service Backbone Version 15.0
-
Oracle Weblogic Server Version 10.3.6.0.0
-
Oracle Weblogic Server Version 12.2.1.3.0
-
Oracle Application Testing Suite Version 13.3.0.1
-
Oracle Endeca Information Discovery Studio Version 3.2.0
-
Oracle Weblogic Server Version 12.2.1.4.0
-
Oracle Weblogic Server Version 14.1.1.0.0
-
Oracle Rapid Planning Version 12.1
-
Oracle Rapid Planning Version 12.2
-
Oracle Financial Services Lending Leasing Version 14.1.0 through 14.8.0
-
Oracle Financial Services Lending Leasing Version 12.5.0
-
Oracle Communications Network Integrity Version 7.3.2 through 7.3.6
-
Oracle Primavera Gateway Version 16.2 through 16.2.11
-
Oracle Primavera Gateway Version 17.12.0 through 17.12.7
-
Oracle Retail Service Backbone Version 16.0
-
Oracle Retail Extract Transform Load Version 19.0
-
Oracle Mysql Enterprise Monitor Up to Version 8.0.29
-
Apache Bookkeeper Fixed in Version 4.14.3