NVD:CVE-2017-5645
History: Apr 17, 2017 - 9:59 p.m.

CVE-2017-5645

2017-04-17 21:59:00
CWE-502
web.nvd.nist.gov
9

CVSS2: 7.5
Attack Vector: NETWORK
Attack Complexity: LOW
Authentication: NONE
Confidentiality Impact: PARTIAL
Integrity Impact: PARTIAL
Availability Impact: PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P

CVSS3: 9.8
Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: HIGH
Availability Impact: HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score: 9.5
Confidence: High

EPSS: 0.874
Percentile: 98.7%

In Apache Log4j 2.x before 2.8.2, when using the TCP socket server or UDP socket server to receive serialized log events from another application, a specially crafted binary payload can be sent that, when deserialized, can execute arbitrary code.

Affected configurations

Nvd
Node
apache log4j Range 2.0 - 2.8.2
Node
netapp oncommand_api_services Match -
OR
netapp oncommand_insight Match -
OR
netapp oncommand_workflow_automation Match -
OR
netapp service_level_manager Match -
OR
netapp snapcenter Match -
OR
netapp storage_automation_store Match -
Node
redhat fuse Match 1.0
OR
redhat enterprise_linux Match 6.0
OR
redhat enterprise_linux Match 6.7
OR
redhat enterprise_linux Match 7.0
OR
redhat enterprise_linux Match 7.3
OR
redhat enterprise_linux Match 7.4
OR
redhat enterprise_linux Match 7.5
OR
redhat enterprise_linux Match 7.6
OR
redhat enterprise_linux_desktop Match 7.0
OR
redhat enterprise_linux_server Match 7.0
OR
redhat enterprise_linux_server_aus Match 7.4
OR
redhat enterprise_linux_server_aus Match 7.6
OR
redhat enterprise_linux_server_eus Match 7.4
OR
redhat enterprise_linux_server_eus Match 7.5
OR
redhat enterprise_linux_server_eus Match 7.6
OR
redhat enterprise_linux_server_tus Match 7.4
OR
redhat enterprise_linux_server_tus Match 7.6
OR
redhat enterprise_linux_workstation Match 7.0
Node
oracle api_gateway Match 11.1.2.4.0
OR
oracle application_testing_suite Match 13.3.0.1
OR
oracle autovue_vuelink_integration Match 21.0.0
OR
oracle autovue_vuelink_integration Match 21.0.1
OR
oracle banking_platform Match 2.6.0
OR
oracle banking_platform Match 2.6.1
OR
oracle banking_platform Match 2.6.2
OR
oracle bi_publisher Match 11.1.1.7.0
OR
oracle bi_publisher Match 11.1.1.9.0
OR
oracle bi_publisher Match 12.2.1.3.0
OR
oracle bi_publisher Match 12.2.1.4.0
OR
oracle communications_converged_application_server_-_service_controller Match 6.1
OR
oracle communications_instant_messaging_server Match 10.0.1.3.0
OR
oracle communications_interactive_session_recorder Range 6.0 - 6.2
OR
oracle communications_messaging_server Range <8.0.2
OR
oracle communications_network_integrity Range 7.3.2 - 7.3.6
OR
oracle communications_online_mediation_controller Match 6.1
OR
oracle communications_pricing_design_center Match 11.1
OR
oracle communications_pricing_design_center Match 12.0
OR
oracle communications_service_broker Match 6.0
OR
oracle communications_webrtc_session_controller Range <7.2
OR
oracle configuration_manager Match 12.1.2.0.2
OR
oracle configuration_manager Match 12.1.2.0.5
OR
oracle endeca_information_discovery_studio Match 3.2.0
OR
oracle enterprise_data_quality Match 12.2.1.3.0
OR
oracle enterprise_manager_base_platform Match 12.1.0.5
OR
oracle enterprise_manager_base_platform Match 13.2.0.0
OR
oracle enterprise_manager_for_fusion_middleware Match 12.1.0.5
OR
oracle enterprise_manager_for_fusion_middleware Match 13.2.0.0
OR
oracle enterprise_manager_for_mysql_database Range 13.2.2.0.0
OR
oracle enterprise_manager_for_oracle_database Match 12.1.0.8
OR
oracle enterprise_manager_for_oracle_database Match 13.2.2
OR
oracle enterprise_manager_for_peoplesoft Match 13.1.1.1
OR
oracle enterprise_manager_for_peoplesoft Match 13.2.1.1
OR
oracle financial_services_analytical_applications_infrastructure Range 7.3.3.0.0 - 7.3.3.0.2
OR
oracle financial_services_analytical_applications_infrastructure Range 8.0.0.0.0 - 8.0.7.0.0
OR
oracle financial_services_behavior_detection_platform Range 8.0.0.0.0 - 8.0.4.0.0
OR
oracle financial_services_behavior_detection_platform Match 6.1.1
OR
oracle financial_services_hedge_management_and_ifrs_valuations Match 8.0.4
OR
oracle financial_services_hedge_management_and_ifrs_valuations Match 8.0.5
OR
oracle financial_services_lending_and_leasing Range 14.1.0 - 14.8.0
OR
oracle financial_services_lending_and_leasing Match 12.5.0
OR
oracle financial_services_loan_loss_forecasting_and_provisioning Match 8.0.4
OR
oracle financial_services_loan_loss_forecasting_and_provisioning Match 8.0.5
OR
oracle financial_services_profitability_management Range 8.0.0.0.0 - 8.0.7.0.0
OR
oracle financial_services_profitability_management Match 6.1.1
OR
oracle financial_services_regulatory_reporting_with_agilereporter Match 8.0.9.2.0
OR
oracle flexcube_investor_servicing Match 12.0.4
OR
oracle flexcube_investor_servicing Match 12.1.0
OR
oracle flexcube_investor_servicing Match 12.3.0
OR
oracle flexcube_investor_servicing Match 12.4.0
OR
oracle flexcube_investor_servicing Match 14.0.0
OR
oracle fusion_middleware_mapviewer Match 12.2.1.2
OR
oracle fusion_middleware_mapviewer Match 12.2.1.3
OR
oracle goldengate Match 12.3.2.1.1
OR
oracle goldengate_application_adapters Match 12.3.2.1.1
OR
oracle identity_analytics Match 11.1.1.5.8
OR
oracle identity_management_suite Match 11.1.2.3.0
OR
oracle identity_management_suite Match 12.2.1.3.0
OR
oracle identity_manager_connector Match 9.0
OR
oracle in-memory_performance-driven_planning Match 12.1
OR
oracle in-memory_performance-driven_planning Match 12.2
OR
oracle instantis_enterprisetrack Range 17.1 - 17.3
OR
oracle insurance_calculation_engine Match 10.1.1
OR
oracle insurance_calculation_engine Match 10.2.1
OR
oracle insurance_policy_administration Match 10.0
OR
oracle insurance_policy_administration Match 10.1
OR
oracle insurance_policy_administration Match 10.2
OR
oracle insurance_policy_administration Match 11.0
OR
oracle insurance_rules_palette Match 10.0
OR
oracle insurance_rules_palette Match 10.1
OR
oracle insurance_rules_palette Match 10.2
OR
oracle insurance_rules_palette Match 11.0
OR
oracle insurance_rules_palette Match 11.1
OR
oracle jd_edwards_enterpriseone_tools Match 4.0.1.0
OR
oracle jd_edwards_enterpriseone_tools Match 9.2
OR
oracle jdeveloper Match 11.1.1.9.0
OR
oracle jdeveloper Match 12.1.3.0.0
OR
oracle jdeveloper Match 12.2.1.3.0
OR
oracle mysql_enterprise_monitor Range 3.4.0.0 - 3.4.7.4297
OR
oracle mysql_enterprise_monitor Range 4.0.0.0 - 4.0.4.5235
OR
oracle mysql_enterprise_monitor Range 8.0.0.0.0 - 8.0.0.8131
OR
oracle peoplesoft_enterprise_fin_install Match 9.2
OR
oracle policy_automation Match 10.4.7
OR
oracle policy_automation Match 12.1.0
OR
oracle policy_automation Match 12.1.1
OR
oracle policy_automation Match 12.2.0
OR
oracle policy_automation Match 12.2.1
OR
oracle policy_automation Match 12.2.2
OR
oracle policy_automation Match 12.2.3
OR
oracle policy_automation Match 12.2.4
OR
oracle policy_automation Match 12.2.5
OR
oracle policy_automation Match 12.2.6
OR
oracle policy_automation Match 12.2.7
OR
oracle policy_automation Match 12.2.8
OR
oracle policy_automation Match 12.2.9
OR
oracle policy_automation Match 12.2.10
OR
oracle policy_automation_connector_for_siebel Match 10.4.6
OR
oracle policy_automation_for_mobile_devices Match 10.4.7
OR
oracle policy_automation_for_mobile_devices Match 12.1.0
OR
oracle policy_automation_for_mobile_devices Match 12.1.1
OR
oracle policy_automation_for_mobile_devices Match 12.2.0
OR
oracle policy_automation_for_mobile_devices Match 12.2.1
OR
oracle policy_automation_for_mobile_devices Match 12.2.2
OR
oracle policy_automation_for_mobile_devices Match 12.2.3
OR
oracle policy_automation_for_mobile_devices Match 12.2.4
OR
oracle policy_automation_for_mobile_devices Match 12.2.5
OR
oracle policy_automation_for_mobile_devices Match 12.2.6
OR
oracle policy_automation_for_mobile_devices Match 12.2.7
OR
oracle policy_automation_for_mobile_devices Match 12.2.8
OR
oracle policy_automation_for_mobile_devices Match 12.2.9
OR
oracle policy_automation_for_mobile_devices Match 12.2.10
OR
oracle primavera_gateway Range 16.2.0 - 16.2.11
OR
oracle primavera_gateway Range 17.12.0 - 17.12.7
OR
oracle rapid_planning Match 12.1
OR
oracle rapid_planning Match 12.2
OR
oracle retail_advanced_inventory_planning Match 14.0
OR
oracle retail_advanced_inventory_planning Match 15.0
OR
oracle retail_clearance_optimization_engine Match 14.0.5
OR
oracle retail_extract_transform_and_load Match 13.0
OR
oracle retail_extract_transform_and_load Match 13.1
OR
oracle retail_extract_transform_and_load Match 13.2
OR
oracle retail_extract_transform_and_load Match 19.0
OR
oracle retail_integration_bus Match 14.0.0
OR
oracle retail_integration_bus Match 14.1.0
OR
oracle retail_integration_bus Match 15.0
OR
oracle retail_integration_bus Match 16.0
OR
oracle retail_open_commerce_platform Match 5.3.0
OR
oracle retail_open_commerce_platform Match 6.0.0
OR
oracle retail_open_commerce_platform Match 6.0.1
OR
oracle retail_predictive_application_server Match 15.0.3
OR
oracle retail_service_backbone Match 14.1
OR
oracle retail_service_backbone Match 15.0
OR
oracle retail_service_backbone Match 16.0
OR
oracle siebel_ui_framework Match 18.7
OR
oracle siebel_ui_framework Match 18.8
OR
oracle siebel_ui_framework Match 18.9
OR
oracle soa_suite Match 12.1.3.0.0
OR
oracle soa_suite Match 12.2.1.3.0
OR
oracle soa_suite Match 12.2.2.0.0
OR
oracle tape_library_acsls Match 8.4
OR
oracle timesten_in-memory_database Match 11.2.2.8.49
OR
oracle utilities_advanced_spatial_and_operational_analytics Match 2.7.0.1
OR
oracle utilities_work_and_asset_management Match 1.9.1.2.12
OR
oracle weblogic_server Match 10.3.6.0.0
OR
oracle weblogic_server Match 12.1.3.0.0
OR
oracle weblogic_server Match 12.2.1.3.0
OR
oracle weblogic_server Match 12.2.1.4.0
OR
oracle weblogic_server Match 14.1.1.0.0

Vendor   Product                         Version   CPE
apache   log4j                           *         cpe:2.3:a:apache:log4j:*:*:*:*:*:*:*:*
netapp   oncommand_api_services          -         cpe:2.3:a:netapp:oncommand_api_services:-:*:*:*:*:*:*:*
netapp   oncommand_insight               -         cpe:2.3:a:netapp:oncommand_insight:-:*:*:*:*:*:*:*
netapp   oncommand_workflow_automation   -         cpe:2.3:a:netapp:oncommand_workflow_automation:-:*:*:*:*:*:*:*
netapp   service_level_manager           -         cpe:2.3:a:netapp:service_level_manager:-:*:*:*:*:*:*:*
netapp   snapcenter                      -         cpe:2.3:a:netapp:snapcenter:-:*:*:*:*:*:*:*
netapp   storage_automation_store        -         cpe:2.3:a:netapp:storage_automation_store:-:*:*:*:*:*:*:*
redhat   fuse                            1.0       cpe:2.3:a:redhat:fuse:1.0:*:*:*:*:*:*:*
redhat   enterprise_linux                6.0       cpe:2.3:o:redhat:enterprise_linux:6.0:*:*:*:*:*:*:*
redhat   enterprise_linux                6.7       cpe:2.3:o:redhat:enterprise_linux:6.7:*:*:*:*:*:*:*