Vulnerable Libraries - logback-classic-1.1.9.jar, logback-classic-1.1.11.jar, logback-classic-1.1.1.jar, logback-core-1.1.3.jar, logback-core-1.1.9.jar, logback-core-1.0.0.jar, logback-core-1.1.1.jar, logback-core-1.1.11.jar, logback-classic-1.0.0.jar, logback-classic-1.1.3.jar
logback-classic-1.1.9.jar
logback-classic module
Library home page: http://logback.qos.ch
Path to dependency file: /dd-java-agent/appsec/weblog/weblog-spring-app/weblog-spring-app.gradle
Path to vulnerable library: /caches/modules-2/files-2.1/ch.qos.logback/logback-classic/1.1.9/978cd9fbb43b7abed6379d7b02de052d216e30fc/logback-classic-1.1.9.jar,/home/wss-scanner/.gradle/caches/modules-2/files-2.1/ch.qos.logback/logback-classic/1.1.9/978cd9fbb43b7abed6379d7b02de052d216e30fc/logback-classic-1.1.9.jar
Dependency Hierarchy:
- ❌ logback-classic-1.1.9.jar (Vulnerable Library)
logback-classic-1.1.11.jar
logback-classic module
Library home page: http://logback.qos.ch
Path to dependency file: /dd-smoke-tests/springboot/springboot.gradle
Path to vulnerable library: /home/wss-scanner/.gradle/caches/modules-2/files-2.1/ch.qos.logback/logback-classic/1.1.11/ccedfbacef4a6515d2983e3f89ed753d5d4fb665/logback-classic-1.1.11.jar
Dependency Hierarchy:
- spring-boot-starter-web-1.5.18.RELEASE.jar (Root Library)
- spring-boot-starter-1.5.18.RELEASE.jar
- spring-boot-starter-logging-1.5.18.RELEASE.jar
- ❌ logback-classic-1.1.11.jar (Vulnerable Library)
logback-classic-1.1.1.jar
logback-classic module
Library home page: http://logback.qos.ch
Path to dependency file: /dd-java-agent/instrumentation/play-2.3/play-2.3.gradle
Path to vulnerable library: /home/wss-scanner/.gradle/caches/modules-2/files-2.1/ch.qos.logback/logback-classic/1.1.1/19e1e2be2670b33c5dcc835550527028dddddcd1/logback-classic-1.1.1.jar
Dependency Hierarchy:
- dropwizard-views-0.7.0.jar (Root Library)
- dropwizard-core-0.7.0.jar
- dropwizard-logging-0.7.0.jar
- ❌ logback-classic-1.1.1.jar (Vulnerable Library)
logback-core-1.1.3.jar
logback-core module
Library home page: http://logback.qos.ch
Path to dependency file: /dd-java-agent/instrumentation/play-2.4/play-2.4.gradle
Path to vulnerable library: /home/wss-scanner/.gradle/caches/modules-2/files-2.1/ch.qos.logback/logback-core/1.1.3/e3c02049f2dbbc764681b40094ecf0dcbc99b157/logback-core-1.1.3.jar
Dependency Hierarchy:
- play_2.11-2.4.0.jar (Root Library)
- ❌ logback-core-1.1.3.jar (Vulnerable Library)
logback-core-1.1.9.jar
logback-core module
Library home page: http://logback.qos.ch
Path to dependency file: /dd-java-agent/appsec/weblog/weblog-spring-app/weblog-spring-app.gradle
Path to vulnerable library: /caches/modules-2/files-2.1/ch.qos.logback/logback-core/1.1.9/e05d0cb67220937c32d7b4e5a47f967605376f63/logback-core-1.1.9.jar,/home/wss-scanner/.gradle/caches/modules-2/files-2.1/ch.qos.logback/logback-core/1.1.9/e05d0cb67220937c32d7b4e5a47f967605376f63/logback-core-1.1.9.jar
Dependency Hierarchy:
- ❌ logback-core-1.1.9.jar (Vulnerable Library)
logback-core-1.0.0.jar
Logback: the generic, reliable, fast and flexible logging library for Java.
Library home page: http://logback.qos.ch
Path to dependency file: /dd-smoke-tests/log-injection/log-injection.gradle
Path to vulnerable library: /home/wss-scanner/.gradle/caches/modules-2/files-2.1/ch.qos.logback/logback-core/1.0.0/b2893bbe71342232031f97faa1cf7bb4d99faced/logback-core-1.0.0.jar
Dependency Hierarchy:
- logback-classic-1.0.0.jar (Root Library)
- ❌ logback-core-1.0.0.jar (Vulnerable Library)
logback-core-1.1.1.jar
logback-core module
Library home page: http://logback.qos.ch
Path to dependency file: /dd-java-agent/instrumentation/dropwizard/dropwizard-views/dropwizard-views.gradle
Path to vulnerable library: /home/wss-scanner/.gradle/caches/modules-2/files-2.1/ch.qos.logback/logback-core/1.1.1/6d9866eb3f38b66530d7b1d41526228df3e9d963/logback-core-1.1.1.jar
Dependency Hierarchy:
- dropwizard-views-0.7.0.jar (Root Library)
- dropwizard-core-0.7.0.jar
- dropwizard-logging-0.7.0.jar
- ❌ logback-core-1.1.1.jar (Vulnerable Library)
logback-core-1.1.11.jar
logback-core module
Library home page: http://logback.qos.ch
Path to dependency file: /dd-smoke-tests/springboot/springboot.gradle
Path to vulnerable library: /home/wss-scanner/.gradle/caches/modules-2/files-2.1/ch.qos.logback/logback-core/1.1.11/88b8df40340eed549fb07e2613879bf6b006704d/logback-core-1.1.11.jar
Dependency Hierarchy:
- spring-boot-starter-web-1.5.18.RELEASE.jar (Root Library)
- spring-boot-starter-1.5.18.RELEASE.jar
- spring-boot-starter-logging-1.5.18.RELEASE.jar
- logback-classic-1.1.11.jar
- ❌ logback-core-1.1.11.jar (Vulnerable Library)
logback-classic-1.0.0.jar
Logback: the reliable, generic, fast and flexible logging library for Java.
Library home page: http://logback.qos.ch
Path to dependency file: /dd-smoke-tests/log-injection/log-injection.gradle
Path to vulnerable library: /caches/modules-2/files-2.1/ch.qos.logback/logback-classic/1.0.0/2577f6b69bbab34bb55634a4500b1b877aeffb7c/logback-classic-1.0.0.jar
Dependency Hierarchy:
- ❌ logback-classic-1.0.0.jar (Vulnerable Library)
logback-classic-1.1.3.jar
logback-classic module
Library home page: http://logback.qos.ch
Path to dependency file: /dd-smoke-tests/play-2.4/play-2.4.gradle
Path to vulnerable library: /home/wss-scanner/.gradle/caches/modules-2/files-2.1/ch.qos.logback/logback-classic/1.1.3/d90276fff414f06cb375f2057f6778cd63c6082f/logback-classic-1.1.3.jar
Dependency Hierarchy:
- play_2.11-2.4.0.jar (Root Library)
- ❌ logback-classic-1.1.3.jar (Vulnerable Library)
Found in HEAD commit: 2819174635979a19573ec0ce8e3e2b63a3848079
Found in base branch: master
Suggested Fix
Type: Upgrade version
Origin: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5929
Release Date: 2017-03-13
Fix Resolution (ch.qos.logback:logback-classic): 1.2.0
Direct dependency fix Resolution (org.springframework.boot:spring-boot-starter-web): 2.0.0.RELEASE
Fix Resolution (ch.qos.logback:logback-classic): 1.2.0
Direct dependency fix Resolution (io.dropwizard:dropwizard-views): 1.3.0
Fix Resolution (ch.qos.logback:logback-core): 1.1.6
Direct dependency fix Resolution (com.typesafe.play:play_2.11): 2.5.0
Fix Resolution (ch.qos.logback:logback-core): 1.0.3
Direct dependency fix Resolution (ch.qos.logback:logback-classic): 1.0.3
Fix Resolution (ch.qos.logback:logback-core): 1.1.2
Direct dependency fix Resolution (io.dropwizard:dropwizard-views): 0.7.1
Fix Resolution (ch.qos.logback:logback-classic): 1.2.0
Direct dependency fix Resolution (com.typesafe.play:play_2.11): 2.5.0
CVE-2017-5929 - High Severity Vulnerability
QOS.ch Logback before 1.2.0 has a serialization vulnerability affecting the SocketServer and ServerSocketReceiver components.
Publish Date: 2017-03-13
URL: CVE-2017-5929
Base Score Metrics:
- Exploitability Metrics:
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: None
- Scope: Unchanged
- Impact Metrics:
- Confidentiality Impact: High
- Integrity Impact: High
- Availability Impact: High
⛑️ Automatic Remediation is available for this issue