---

CVE-2021-35578 - log back

CVE-2021-35578 edited at 20 Oct 2021 17:26:57
Description	- Vulnerability in Java SE versions 8u301, 11.0.12, 17. Easily exploitable vulnerability allows unauthenticated attacker with network access via TLS to compromise Java SE. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE. + A security issue has been found in OpenJDK before versions 7u321, 8u312, 11.0.13 and 17.0.1 in the security-libs/javax.net.ssl component. An easily exploitable vulnerability allows unauthenticated attacker with network access via TLS to compromise OpenJDK. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of OpenJDK. Note : This vulnerability can only be exploited by supplying data to APIs in the specified Component without using Untrusted Java Web Start applications or Untrusted Java applets, such as through a web service.
References	+ https://openjdk.java.net/groups/vulnerability/advisories/2021-10-19 https://www.oracle.com/security-alerts/cpuoct2021verbose.html#JAVA

CVE-2021-35578 edited at 20 Oct 2021 11:06:35
Description	- Vulnerability in Java SE versions 8u301, 11.0.12, 17. Easily exploitable vulnerability allows unauthenticated attacker with network access via TLS to compromise Java SE. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE. + Vulnerability in Java SE versions 8u301, 11.0.12, 17. Easily exploitable vulnerability allows unauthenticated attacker with network access via TLS to compromise Java SE. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE. Note : This vulnerability can only be exploited by supplying data to APIs in the specified Component without using Untrusted Java Web Start applications or Untrusted Java applets, such as through a web service.
Notes

CVE-2021-35578 edited at 20 Oct 2021 11:04:37
Severity	- Unknown + Medium
Remote	- Unknown + Remote
Type	- Unknown + Denial of service
Description	+ Vulnerability in Java SE versions 8u301, 11.0.12, 17. Easily exploitable vulnerability allows unauthenticated attacker with network access via TLS to compromise Java SE. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE. + + Note : This vulnerability can only be exploited by supplying data to APIs in the specified Component without using Untrusted Java Web Start applications or Untrusted Java applets, such as through a web service.
References	+ https://www.oracle.com/security-alerts/cpuoct2021verbose.html#JAVA

CVE-2021-35578 created at 20 Oct 2021 10:54:07