Uploaded image for project: 'ZABBIX BUGS AND ISSUES'
  1. ZABBIX BUGS AND ISSUES
  2. ZBX-19149

Java Gateway Vulnerability (CVE-2017-5929)

    XMLWordPrintable

    Details

    • Team:
      Team C
    • Story Points:
      1

      Description

      Report from client:

      Our internal security scanning tools have identified the following security vulnerability in the Zabbix Java Gateway component of the current release (Zabbix 5.0.4).

      Vulnerability = CVE-2017-5929
      Published = 2017-Mar-12
      Description = QOS.ch Logback before 1.2.0 has a serialization vulnerability affecting the SocketServer and ServerSocketReceiver components.
      Product Summary = Logback is intended as a successor to the popular log4j project. Both log4j and logback were founded by the same developer. If you are already familiar with log4j, you will quickly feel at home using logback.
      File Path = /src/zabbix_java/lib/
      File Name = logback-core-0.9.27.jar

      Please update the 5.x LTS branch to use an updated version of Logback.

        Attachments

          Activity

            People

            Assignee:
            arimdjonoks Artjoms Rimdjonoks
            Reporter:
            zux Edgars Melveris
            Votes:
            0 Vote for this issue
            Watchers:
            6 Start watching this issue

              Dates

              Created:
              Updated:
              Resolved: