← volver
CVE-2017-5645

CVE-2017-5645

EPSS 89.0%
In Apache Log4j 2.x before 2.8.2, when using the TCP socket server or UDP socket server to receive serialized log events from another application, a specially crafted binary payload can be sent that, when deserialized, can execute arbitrary code.
Productos afectados
Apache Software Foundation · Apache Log4j

¿Quieres saber si tu infraestructura está expuesta a esto?

Hablar con TrueHacking →
Referencias
https://access.redhat.com/errata/RHSA-2017:1417https://access.redhat.com/errata/RHSA-2017:1801https://access.redhat.com/errata/RHSA-2017:1802https://access.redhat.com/errata/RHSA-2017:2423https://access.redhat.com/errata/RHSA-2017:2633https://access.redhat.com/errata/RHSA-2017:2635https://access.redhat.com/errata/RHSA-2017:2636https://access.redhat.com/errata/RHSA-2017:2637https://access.redhat.com/errata/RHSA-2017:2638https://access.redhat.com/errata/RHSA-2017:2808https://access.redhat.com/errata/RHSA-2017:2809https://access.redhat.com/errata/RHSA-2017:2810