Thomas England created FTPSERVER-500:
----------------------------------------
Summary: Security vulnerability in common/lib/log4j-1.2.17.jar
Key: FTPSERVER-500
URL: https://issues.apache.org/jira/browse/FTPSERVER-500
Project: FtpServer
Issue Type: Bug
Reporter: Thomas England
Hi, while scanning a docker image containing apache ftp, it reported that:
/apache-ftpserver-1.1.1/common/lib/log4j-1.2.17.jar
has the following vulnerability ranked as critical
CVE-2019-17571
Some further info:
[https://nsfocusglobal.com/apache-log4j-deserialization-remote-code-execution-cve-2019-17571-vulnerability-threat-alert/]
Output from the Grype scan
{code:java}
NAME                  INSTALLED                 FIXED-IN  VULNERABILITY        SEVERITY
bash                  5.0-6ubuntu1.1                      CVE-2019-18276       Low
coreutils             8.30-3ubuntu2                       CVE-2016-2781        Low
gpgv                  2.2.19-3ubuntu2                     CVE-2019-13050       Low
krb5-locales          1.17-6ubuntu4.1                     CVE-2018-5709        Negligible
libapparmor1          2.13.3-7ubuntu5.1                   CVE-2016-1585        Medium
libc-bin              2.31-0ubuntu9.1                     CVE-2016-10228       Negligible
libc-bin              2.31-0ubuntu9.1                     CVE-2020-6096        Low
libc-bin              2.31-0ubuntu9.1                     CVE-2020-29562       Low
libc-bin              2.31-0ubuntu9.1                     CVE-2020-27618       Low
libc-bin              2.31-0ubuntu9.1                     CVE-2019-25013       Low
libc6                 2.31-0ubuntu9.1                     CVE-2016-10228       Negligible
libc6                 2.31-0ubuntu9.1                     CVE-2020-6096        Low
libc6                 2.31-0ubuntu9.1                     CVE-2020-29562       Low
libc6                 2.31-0ubuntu9.1                     CVE-2020-27618       Low
libc6                 2.31-0ubuntu9.1                     CVE-2019-25013       Low
libcairo-gobject2     1.16.0-4ubuntu1                     CVE-2017-9814        Low
libcairo-gobject2     1.16.0-4ubuntu1                     CVE-2017-7475        Low
libcairo-gobject2     1.16.0-4ubuntu1                     CVE-2019-6462        Low
libcairo-gobject2     1.16.0-4ubuntu1                     CVE-2019-6461        Low
libcairo-gobject2     1.16.0-4ubuntu1                     CVE-2018-18064       Low
libcairo2             1.16.0-4ubuntu1                     CVE-2017-9814        Low
libcairo2             1.16.0-4ubuntu1                     CVE-2017-7475        Low
libcairo2             1.16.0-4ubuntu1                     CVE-2019-6462        Low
libcairo2             1.16.0-4ubuntu1                     CVE-2019-6461        Low
libcairo2             1.16.0-4ubuntu1                     CVE-2018-18064       Low
libcups2              2.3.1-9ubuntu1.1                    CVE-2019-8842        Low
libcups2              2.3.1-9ubuntu1.1                    CVE-2020-10001       Low
libflac8              1.3.3-1build1                       CVE-2020-0499        Low
libgcrypt20           1.8.5-5ubuntu1                      CVE-2019-12904       Low
libgif7               5.1.9-1                             CVE-2018-11489       Low
libglib2.0-0          2.64.6-1~ubuntu20.04.1              CVE-2021-27218       Medium
libglib2.0-0          2.64.6-1~ubuntu20.04.1              CVE-2021-27219       Medium
libglib2.0-data       2.64.6-1~ubuntu20.04.1              CVE-2021-27218       Medium
libglib2.0-data       2.64.6-1~ubuntu20.04.1              CVE-2021-27219       Medium
libgssapi-krb5-2      1.17-6ubuntu4.1                     CVE-2018-5709        Negligible
libjbig0              2.1-3.1build1                       CVE-2017-9937        Negligible
libk5crypto3          1.17-6ubuntu4.1                     CVE-2018-5709        Negligible
libkrb5-3             1.17-6ubuntu4.1                     CVE-2018-5709        Negligible
libkrb5support0       1.17-6ubuntu4.1                     CVE-2018-5709        Negligible
libnss3               2:3.49.1-1ubuntu1.5                 CVE-2020-25648       Low
libpcre3              2:8.39-12build1                     CVE-2017-11164       Negligible
libpcre3              2:8.39-12build1                     CVE-2020-14155       Negligible
libpcre3              2:8.39-12build1                     CVE-2019-20838       Low
libpython3.8          3.8.5-1~20.04.2                     CVE-2021-3177        Medium
libpython3.8          3.8.5-1~20.04.2                     CVE-2020-27619       Low
libpython3.8          3.8.5-1~20.04.2                     CVE-2021-23336       Medium
libpython3.8-minimal  3.8.5-1~20.04.2                     CVE-2021-3177        Medium
libpython3.8-minimal  3.8.5-1~20.04.2                     CVE-2020-27619       Low
libpython3.8-minimal  3.8.5-1~20.04.2                     CVE-2021-23336       Medium
libpython3.8-stdlib   3.8.5-1~20.04.2                     CVE-2021-3177        Medium
libpython3.8-stdlib   3.8.5-1~20.04.2                     CVE-2020-27619       Low
libpython3.8-stdlib   3.8.5-1~20.04.2                     CVE-2021-23336       Medium
libsqlite3-0          3.31.1-4ubuntu0.2                   CVE-2020-9794        Medium
libsqlite3-0          3.31.1-4ubuntu0.2                   CVE-2020-9991        Low
libsqlite3-0          3.31.1-4ubuntu0.2                   CVE-2020-9849        Low
libsystemd0           245.4-4ubuntu3.4                    CVE-2018-20839       Medium
libtasn1-6            4.16.0-2                            CVE-2018-1000654     Negligible
libtiff5              4.1.0+git191117-2build1             CVE-2018-10126       Low
libudev1              245.4-4ubuntu3.4                    CVE-2018-20839       Medium
libwebp6              0.6.1-2                             CVE-2016-9085        Medium
libx11-6              2:1.6.9-2ubuntu1.1                  CVE-2020-25697       Low
libx11-data           2:1.6.9-2ubuntu1.1                  CVE-2020-25697       Low
libx11-xcb1           2:1.6.9-2ubuntu1.1                  CVE-2020-25697       Low
libxml2               2.9.10+dfsg-5                       CVE-2020-24977       Low
log4j                 1.2.17                              GHSA-2qrg-x229-3v8q  Medium
log4j                 1.2.17                              CVE-2019-17571       Critical
log4j                 1.2.17                              CVE-2020-9488        Low
login                 1:4.8.1-1ubuntu5.20.04              CVE-2013-4235        Low
passwd                1:4.8.1-1ubuntu5.20.04              CVE-2013-4235        Low
rt                    1.8.0_282                           CVE-2011-0009        Medium
rt                    1.8.0_282                           CVE-2011-1007        Low
rt                    1.8.0_282                           CVE-2011-1008        Medium
rt                    1.8.0_282                           CVE-2011-2085        Medium
x11-common            1:7.7+19ubuntu14                    CVE-2012-1093        Low
xdg-user-dirs         0.17-2ubuntu1                       CVE-2017-15131       Low
{code}
--
This message was sent by Atlassian Jira
(v8.3.4#803005)