CVE-2017-5645

CVE-2017-5645

EPSS 89.0%

In Apache Log4j 2.x before 2.8.2, when using the TCP socket server or UDP socket server to receive serialized log events from another application, a specially crafted binary payload can be sent that, when deserialized, can execute arbitrary code.

Affected products

Apache Software Foundation · Apache Log4j

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →

References

https://access.redhat.com/errata/RHSA-2017:1417 https://access.redhat.com/errata/RHSA-2017:1801 https://access.redhat.com/errata/RHSA-2017:1802 https://access.redhat.com/errata/RHSA-2017:2423 https://access.redhat.com/errata/RHSA-2017:2633 https://access.redhat.com/errata/RHSA-2017:2635 https://access.redhat.com/errata/RHSA-2017:2636 https://access.redhat.com/errata/RHSA-2017:2637 https://access.redhat.com/errata/RHSA-2017:2638 https://access.redhat.com/errata/RHSA-2017:2808 https://access.redhat.com/errata/RHSA-2017:2809 https://access.redhat.com/errata/RHSA-2017:2810