Problem report
Resolution: Fixed
Major
5.0.8
1
Report from client:
Our internal security scanning tools have identified the following security vulnerability in the Zabbix Java Gateway component of the current release (Zabbix 5.0.4).
Vulnerability = CVE-2017-5929
Published = 2017-Mar-12
Description = QOS.ch Logback before 1.2.0 has a serialization vulnerability affecting the SocketServer and ServerSocketReceiver components.
Product Summary = Logback is intended as a successor to the popular log4j project. Both log4j and logback were founded by the same developer. If you are already familiar with log4j, you will quickly feel at home using logback.
File Path = /src/zabbix_java/lib/
File Name = logback-core-0.9.27.jar
Please update the 5.x LTS branch to use an updated version of Logback.
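A way to confirm which Logback jars in a gateway `lib` directory fall below the 1.2.0 threshold named in the report. This is an added example, not Zabbix code or the client's scanner. The function names, the sample jar set and the manifest fallback (`Implementation-Version` / `Bundle-Version` being present in the jar) are assumptions.

```python
import re
import tempfile
import zipfile
from pathlib import Path

FIXED = (1, 2, 0)  # per the report, Logback before 1.2.0 is affected

def parse_version(text):
    """'logback-core-0.9.27.jar' -> (0, 9, 27); returns None if no version found."""
    m = re.search(r"\d+(?:\.\d+)+", text)
    if not m:
        return None
    parts = [int(p) for p in m.group(0).split(".")]
    return tuple(parts + [0] * (3 - len(parts)))

def manifest_version(jar_path):
    """Fallback (assumption) for jars that carry no version in the file name."""
    try:
        with zipfile.ZipFile(jar_path) as jar:
            text = jar.read("META-INF/MANIFEST.MF").decode("utf-8", "replace")
    except (KeyError, zipfile.BadZipFile, OSError):
        return None
    m = re.search(r"^(?:Implementation|Bundle)-Version:\s*(\S+)", text, re.M)
    return parse_version(m.group(1)) if m else None

def find_old_logback(lib_dir):
    """Return [(jar name, version or 'unknown')] for Logback jars below FIXED."""
    findings = []
    for jar_path in sorted(Path(lib_dir).glob("logback*.jar")):
        version = parse_version(jar_path.name) or manifest_version(jar_path)
        if version is None:
            findings.append((jar_path.name, "unknown"))  # needs manual review
        elif version < FIXED:
            findings.append((jar_path.name, ".".join(map(str, version))))
    return findings

def make_sample_lib(lib_dir):
    """Constructed sample data: stand-in jars named like a gateway lib directory."""
    names = ["logback-core-0.9.27.jar", "logback-classic-1.2.3.jar", "slf4j-api-1.6.1.jar"]
    for name in names:
        zipfile.ZipFile(Path(lib_dir) / name, "w").close()
    with zipfile.ZipFile(Path(lib_dir) / "logback-core.jar", "w") as jar:
        jar.writestr("META-INF/MANIFEST.MF", "Manifest-Version: 1.0\nBundle-Version: 0.9.27\n")

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        make_sample_lib(tmp)
        for name, version in find_old_logback(tmp):
            print(f"{name}: {version} is older than 1.2.0")
```

Point `find_old_logback` at the real `lib` directory of an installed gateway to check an actual deployment; jars reported as `unknown` have no parsable version in either the name or the manifest.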