In Apache Log4j 2.x before 2.8.2, when using the TCP socket server or UDP socket server to receive serialized log events from another application, a specially crafted binary payload can be sent that, when deserialized, can execute arbitrary code.
History
07 Nov 2023, 02:49
Type | Values Removed | Values Added |
---|---|---|
References | | |
Information
Published : 2017-04-17 21:59
Updated : 2024-02-28 15:44
NVD link : CVE-2017-5645
Mitre link : CVE-2017-5645
CVE.ORG link : CVE-2017-5645
Products Affected
redhat
- enterprise_linux
- enterprise_linux_server_tus
- fuse
- enterprise_linux_desktop
- enterprise_linux_server_aus
- enterprise_linux_server
- enterprise_linux_workstation
- enterprise_linux_server_eus
oracle
- endeca_information_discovery_studio
- insurance_calculation_engine
- in-memory_performance-driven_planning
- communications_pricing_design_center
- insurance_policy_administration
- retail_clearance_optimization_engine
- rapid_planning
- retail_predictive_application_server
- financial_services_loan_loss_forecasting_and_provisioning
- bi_publisher
- enterprise_data_quality
- enterprise_manager_for_fusion_middleware
- goldengate
- enterprise_manager_for_peoplesoft
- primavera_gateway
- financial_services_profitability_management
- mysql_enterprise_monitor
- identity_analytics
- communications_messaging_server
- banking_platform
- communications_webrtc_session_controller
- retail_extract_transform_and_load
- enterprise_manager_for_mysql_database
- instantis_enterprisetrack
- financial_services_hedge_management_and_ifrs_valuations
- retail_integration_bus
- financial_services_lending_and_leasing
- financial_services_regulatory_reporting_with_agilereporter
- communications_network_integrity
- api_gateway
- jdeveloper
- financial_services_behavior_detection_platform
- goldengate_application_adapters
- policy_automation
- fusion_middleware_mapviewer
- utilities_advanced_spatial_and_operational_analytics
- configuration_manager
- soa_suite
- communications_converged_application_server_-_service_controller
- application_testing_suite
- enterprise_manager_base_platform
- communications_interactive_session_recorder
- weblogic_server
- peoplesoft_enterprise_fin_install
- communications_online_mediation_controller
- communications_service_broker
- identity_manager_connector
- enterprise_manager_for_oracle_database
- retail_service_backbone
- identity_management_suite
- communications_instant_messaging_server
- jd_edwards_enterpriseone_tools
- flexcube_investor_servicing
- retail_advanced_inventory_planning
- timesten_in-memory_database
- autovue_vuelink_integration
- retail_open_commerce_platform
- financial_services_analytical_applications_infrastructure
- policy_automation_connector_for_siebel
- insurance_rules_palette
- tape_library_acsls
- siebel_ui_framework
- utilities_work_and_asset_management
- policy_automation_for_mobile_devices
netapp
- service_level_manager
- oncommand_workflow_automation
- oncommand_insight
- oncommand_api_services
- snapcenter
- storage_automation_store
apache
- log4j
CWE
CWE-502
Deserialization of Untrusted Data