Intrusion Prevention

Apache.Log4j.SocketServer.Insecure.Deserialization

Description

This indicates an attack attempt to exploit an Insecure Deserialization Vulnerability in Apache Software Foundation Log4j.
The vulnerability is due to deserialization of untrusted data while having a vulnerable version of the JRE library. A remote, unauthenticated attacker can exploit this vulnerability by sending a specially crafted serialized object. Successful exploitation can result in arbitrary code execution with privileges of the user running the application.

Affected Products

Apache Software Foundation Log4j 1.2 to 1.2.17

Impact

System Compromise: Remote attackers can gain control of vulnerable systems.

CVE References

CVE-2019-17571