[ZBX-19149] Java Gateway Vulnerability (CVE-2017-5929)

Created: 2020 Oct 12
Updated: 2024 Apr 10
Resolved: 2021 Mar 26

Status: Closed
Project: ZABBIX BUGS AND ISSUES
Component/s: Java gateway (J)
Affects Version/s: 5.0.8
Fix Version/s: 4.0.30rc1, 5.0.10rc1, 5.2.6rc1, 5.4.0beta1, 5.4 (plan)

Type: Problem report
Priority: Major
Reporter: Edgars Melveris
Assignee: Artjoms Rimdjonoks
Resolution: Fixed
Votes: 0
Labels: security, vulnerability
Remaining Estimate: Not Specified
Time Spent: Not Specified
Original Estimate: Not Specified

Issue Links:
Duplicate
Team: Team C
Story Points: 1

 Description   

Report from client:

Our internal security scanning tools have identified the following security vulnerability in the Zabbix Java Gateway component of the current release (Zabbix 5.0.4).

Vulnerability = CVE-2017-5929
Published = 2017-Mar-12
Description = QOS.ch Logback before 1.2.0 has a serialization vulnerability affecting the SocketServer and ServerSocketReceiver components.
Product Summary = Logback is intended as a successor to the popular log4j project. Both log4j and logback were founded by the same developer. If you are already familiar with log4j, you will quickly feel at home using logback.
File Path = /src/zabbix_java/lib/
File Name = logback-core-0.9.27.jar

Please update the 5.x LTS branch to use an updated version of Logback.



 Comments   
Comment by Artjoms Rimdjonoks [ 2021 Feb 25 ]

Available in versions:

Updated documentation:
