CVE-2017-5929

CRITICAL

Logback < 1.2.0 - Deserialization of Untrusted Data in SocketServer and ServerSocketReceiver

Title source: llm

Exploitation Summary

EIP tracks 2 public exploits for CVE-2017-5929. PoCs published by dawetmaster, andikahilmy.

AI-analyzed exploit summary

This repository contains the vulnerable source code of Logback (specifically logback-access) related to CVE-2017-5929, which involves a deserialization vulnerability. The files include the original Java source code, build configurations, and documentation, but no functional exploit code is present.

Description

QOS.ch Logback before 1.2.0 has a serialization vulnerability affecting the SocketServer and ServerSocketReceiver components.

Exploits (2)

nomisec WRITEUP
by dawetmaster · poc
https://github.com/dawetmaster/CVE-2017-5929-logback-vulnerable

This repository contains the vulnerable source code of Logback (specifically logback-access) related to CVE-2017-5929, which involves a deserialization vulnerability. The files include the original Java source code, build configurations, and documentation, but no functional exploit code is present.

Classification
Writeup 90%
Attack Type
Deserialization
Complexity
Moderate
Reliability
Theoretical
Target: Logback (logback-access) versions prior to the fix for CVE-2017-5929
No auth needed
Prerequisites: Vulnerable Logback version · Ability to send crafted serialized data to the target
devstral-2 · analyzed Mar 14, 2026
nomisec WORKING POC
by andikahilmy · poc
https://github.com/andikahilmy/CVE-2017-5929-logback-vulnerable

This repository contains a vulnerable version of Logback (CVE-2017-5929), specifically targeting the logback-access module. The code includes the vulnerable components, such as PatternLayout and JaninoEventEvaluator, which are known to be exploitable for remote code execution (RCE) via crafted configuration files.

Classification
Working PoC 90%
Attack Type
RCE
Complexity
Moderate
Reliability
Reliable
Target: Logback (logback-access) versions prior to 1.2.0
No auth needed
Prerequisites: Access to a vulnerable Logback instance with logback-access enabled · Ability to send crafted HTTP requests or configuration files
devstral-2 · analyzed Feb 18, 2026

References (21)

Core References
Third Party Advisory, vendor-advisory, x_refsource_redhat: https://access.redhat.com/errata/RHSA-2017:1832
Third Party Advisory, vendor-advisory, x_refsource_redhat: https://access.redhat.com/errata/RHSA-2017:1675
Third Party Advisory, vendor-advisory, x_refsource_redhat: https://access.redhat.com/errata/RHSA-2018:2927
Release Notes, Vendor Advisory, x_refsource_confirm: https://logback.qos.ch/news.html
Third Party Advisory, vendor-advisory, x_refsource_redhat: https://access.redhat.com/errata/RHSA-2017:1676

Scores

CVSS v3 9.8
EPSS 0.1014
EPSS Percentile 93.3%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

CWE
CWE-502
Status published
Products (5)
ch.qos.logback/logback-classic 0 - 1.2.0 (Maven)
ch.qos.logback/logback-core 0 - 1.2.0 (Maven)
qos/logback < 1.2.0
redhat/satellite 6.4
redhat/satellite_capsule 6.4
Published Mar 13, 2017
Tracked Since Feb 18, 2026