Synopsis
The remote Ubuntu host is missing a security update.

Description
The remote Ubuntu 18.04 LTS host has a package installed that is affected by a vulnerability as referenced in the USN-4495-1 advisory.
- Log4j 1.2 includes a SocketServer class that is vulnerable to deserialization of untrusted data. When the class is listening to untrusted network traffic for log data, this can be exploited, in combination with a deserialization gadget, to remotely execute arbitrary code. This affects Log4j versions 1.2 up to 1.2.17.
Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

Solution
Update the affected liblog4j1.2-java package.