Lucene search

K
cvelistApacheCVELIST:CVE-2017-5645
HistoryApr 17, 2017 - 9:00 p.m.

CVE-2017-5645

2017-04-1721:00:00
apache
www.cve.org
7

AI Score

9.6

Confidence

High

EPSS

0.874

Percentile

98.7%

In Apache Log4j 2.x before 2.8.2, when using the TCP socket server or UDP socket server to receive serialized log events from another application, a specially crafted binary payload can be sent that, when deserialized, can execute arbitrary code.

CNA Affected

[
  {
    "product": "Apache Log4j",
    "vendor": "Apache Software Foundation",
    "versions": [
      {
        "status": "affected",
        "version": "All versions between 2.0-alpha1 and 2.8.1"
      }
    ]
  }
]

References