CVE-2017-5645

Description from NVD

In Apache Log4j 2.x before 2.8.2, when using the TCP socket server or UDP socket server to receive serialized log events from another application, a specially crafted binary payload can be sent that, when deserialized, can execute arbitrary code.

Information Acquisition Date:2023-04-18T14:43Z
CVSS 2.0: 7.5 HIGH CVSS 3.x: 9.8 CRITICAL

▼ CVSS3 Vec CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

▼ CVSS2 Vec AV:N/AC:L/Au:N/C:P/I:P/A:P

NVD References

 https://issues.apache.org/jira/browse/LOG4J2-1863
     source:CONFIRM
     tags:Issue Tracking    Vendor Advisory    
 97702
     source:BID
     tags:Third Party Advisory    VDB Entry    
 RHSA-2017:3244
     source:REDHAT
     tags:Third Party Advisory    
 RHSA-2017:2889
     source:REDHAT
     tags:Third Party Advisory    
 RHSA-2017:2888
     source:REDHAT
     tags:Third Party Advisory    
 RHSA-2017:2811
     source:REDHAT
     tags:Third Party Advisory    
 RHSA-2017:2810
     source:REDHAT
     tags:Third Party Advisory    
 RHSA-2017:2809
     source:REDHAT
     tags:Third Party Advisory    
 RHSA-2017:2808
     source:REDHAT
     tags:Third Party Advisory    
 RHSA-2017:3400
     source:REDHAT
     tags:Third Party Advisory    
 RHSA-2017:3399
     source:REDHAT
     tags:Third Party Advisory    
 RHSA-2017:2638
     source:REDHAT
     tags:Third Party Advisory    
 RHSA-2017:2637
     source:REDHAT
     tags:Third Party Advisory    
 RHSA-2017:2636
     source:REDHAT
     tags:Third Party Advisory    
 RHSA-2017:2635
     source:REDHAT
     tags:Third Party Advisory    
 RHSA-2017:2633
     source:REDHAT
     tags:Third Party Advisory    
 RHSA-2017:2423
     source:REDHAT
     tags:Third Party Advisory    
 RHSA-2017:1802
     source:REDHAT
     tags:Third Party Advisory    
 RHSA-2017:1801
     source:REDHAT
     tags:Third Party Advisory    
 RHSA-2017:1417
     source:REDHAT
     tags:Third Party Advisory    
 1040200
     source:SECTRACK
     tags:Third Party Advisory    VDB Entry    
 http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html
     source:CONFIRM
     tags:Patch    
 http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html
     source:CONFIRM
     tags:Patch    
 http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html
     source:CONFIRM
     tags:Patch    
 https://security.netapp.com/advisory/ntap-20180726-0002/
     source:CONFIRM
     tags:Third Party Advisory    
 1041294
     source:SECTRACK
     tags:Third Party Advisory    VDB Entry    
 http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html
     source:CONFIRM
     tags:Patch    Third Party Advisory    
 https://security.netapp.com/advisory/ntap-20181107-0002/
     source:CONFIRM
     tags:Third Party Advisory    
 https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html
     source:CONFIRM
     tags:Patch    Third Party Advisory    
 https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html
     source:MISC
     tags:Patch    Third Party Advisory    
 RHSA-2019:1545
     source:REDHAT
     tags:Third Party Advisory    
 https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html
     source:MISC
     tags:Patch    Third Party Advisory    
 https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html
     source:MISC
     tags:Patch    Third Party Advisory    
 [druid-commits] 20191115 [GitHub] [incubator-druid] ccaominh opened a new pull request #8878: Address security vulnerabilities
     source:MLIST
     tags:Mailing List    Third Party Advisory    
 [logging-dev] 20191215 Re: Is there any chance that there will be a security fix for log4j-v1.2.17?
     source:MLIST
     tags:Mailing List    Third Party Advisory    
 [logging-dev] 20191218 [CVE-2019-17571] Apache Log4j 1.2 deserialization of untrusted data in SocketServer
     source:MLIST
     tags:Mailing List    Third Party Advisory    
 [announce] 20191218 [CVE-2019-17571] Apache Log4j 1.2 deserialization of untrusted data in SocketServer
     source:MLIST
     tags:Mailing List    Third Party Advisory    
 [oss-security] 20191218 [CVE-2019-17571] Apache Log4j 1.2 deserialization of untrusted data in SocketServer
     source:MLIST
     tags:Mailing List    Third Party Advisory    
 [logging-dev] 20191219 Re: [CVE-2019-17571] Apache Log4j 1.2 deserialization of untrusted data in SocketServer
     source:MLIST
     tags:Mailing List    Third Party Advisory    
 [activemq-issues] 20191226 [jira] [Created] (AMQ-7370) log4j 1.2 version used by AMQ 5.15.10 / 5.15.11 is vulnerable to CVE-2019-17571
     source:MLIST
     tags:Mailing List    Third Party Advisory    
 [tika-dev] 20191226 [jira] [Created] (TIKA-3018) log4j 1.2 version used by Apache Tika 1.23 is vulnerable to CVE-2019-17571
     source:MLIST
     tags:Mailing List    Third Party Advisory    
 [tika-dev] 20191226 [jira] [Commented] (TIKA-3018) log4j 1.2 version used by Apache Tika 1.23 is vulnerable to CVE-2019-17571
     source:MLIST
     tags:Mailing List    Third Party Advisory    
 [tika-dev] 20191230 [jira] [Created] (TIKA-3019) [9.8] [CVE-2019-17571] [tika-app] [1.23]
     source:MLIST
     tags:Mailing List    Third Party Advisory    
 [activemq-issues] 20191230 [jira] [Created] (AMQ-7372) [9.8] [CVE-2019-17571] [activemq-all] [5.15.10]
     source:MLIST
     tags:Mailing List    Third Party Advisory    
 [tika-dev] 20200106 [jira] [Commented] (TIKA-3019) [9.8] [CVE-2019-17571] [tika-app] [1.23]
     source:MLIST
     tags:Mailing List    Third Party Advisory    
 [tika-dev] 20200107 [jira] [Commented] (TIKA-3019) [9.8] [CVE-2019-17571] [tika-app] [1.23]
     source:MLIST
     tags:Mailing List    Third Party Advisory    
 [tika-dev] 20200108 [jira] [Commented] (TIKA-3019) [9.8] [CVE-2019-17571] [tika-app] [1.23]
     source:MLIST
     tags:Mailing List    Third Party Advisory    
 [tika-dev] 20200110 [jira] [Commented] (TIKA-3019) [9.8] [CVE-2019-17571] [tika-app] [1.23]
     source:MLIST
     tags:Mailing List    Third Party Advisory    
 [tika-dev] 20200111 Re: [jira] [Commented] (TIKA-3018) log4j 1.2 version used by Apache Tika 1.23 is vulnerable to CVE-2019-17571
     source:MLIST
     tags:Mailing List    Third Party Advisory    
 [tika-dev] 20200111 [jira] [Resolved] (TIKA-3018) log4j 1.2 version used by Apache Tika 1.23 is vulnerable to CVE-2019-17571
     source:MLIST
     tags:Mailing List    Third Party Advisory    
 [tika-dev] 20200111 [jira] [Closed] (TIKA-3018) log4j 1.2 version used by Apache Tika 1.23 is vulnerable to CVE-2019-17571
     source:MLIST
     tags:Mailing List    Third Party Advisory    
 [tika-dev] 20200114 [jira] [Commented] (TIKA-3019) [9.8] [CVE-2019-17571] [tika-app] [1.23]
     source:MLIST
     tags:Mailing List    Third Party Advisory    
 [tika-dev] 20200115 [jira] [Commented] (TIKA-3019) [9.8] [CVE-2019-17571] [tika-app] [1.23]
     source:MLIST
     tags:Mailing List    Third Party Advisory    
 https://www.oracle.com/security-alerts/cpujan2020.html
     source:MISC
     tags:Third Party Advisory    
 [activemq-issues] 20200122 [jira] [Assigned] (AMQ-7372) [9.8] [CVE-2019-17571] [activemq-all] [5.15.10]
     source:MLIST
     tags:Mailing List    Third Party Advisory    
 [activemq-issues] 20200122 [jira] [Updated] (AMQ-7370) log4j 1.2 version used by AMQ 5.15.10 / 5.15.11 is vulnerable to CVE-2019-17571
     source:MLIST
     tags:Mailing List    Third Party Advisory    
 [activemq-issues] 20200122 [jira] [Assigned] (AMQ-7370) log4j 1.2 version used by AMQ 5.15.10 / 5.15.11 is vulnerable to CVE-2019-17571
     source:MLIST
     tags:Mailing List    Third Party Advisory    
 [activemq-issues] 20200122 [jira] [Updated] (AMQ-7372) [9.8] [CVE-2019-17571] [activemq-all] [5.15.10]
     source:MLIST
     tags:Mailing List    Third Party Advisory    
 [activemq-issues] 20200122 [jira] [Resolved] (AMQ-7372) [9.8] [CVE-2019-17571] [activemq-all] [5.15.10]
     source:MLIST
     tags:Mailing List    Third Party Advisory    
 [activemq-issues] 20200127 [jira] [Commented] (AMQ-7370) log4j 1.2 version used by AMQ 5.15.10 / 5.15.11 is vulnerable to CVE-2019-17571
     source:MLIST
     tags:Mailing List    Third Party Advisory    
 [activemq-issues] 20200208 [jira] [Commented] (AMQ-7370) log4j 1.2 version used by AMQ 5.15.10 / 5.15.11 is vulnerable to CVE-2019-17571
     source:MLIST
     tags:Mailing List    Third Party Advisory    
 [activemq-issues] 20200228 [jira] [Commented] (AMQ-7370) log4j 1.2 version used by AMQ 5.15.10 / 5.15.11 is vulnerable to CVE-2019-17571
     source:MLIST
     tags:Mailing List    Third Party Advisory    
 [activemq-issues] 20200228 [jira] [Updated] (AMQ-7370) log4j 1.2 version used by AMQ 5.15.10 / 5.15.11 is vulnerable to CVE-2019-17571
     source:MLIST
     tags:Mailing List    Third Party Advisory    
 [activemq-issues] 20200228 [jira] [Resolved] (AMQ-7370) log4j 1.2 version used by AMQ 5.15.10 / 5.15.11 is vulnerable to CVE-2019-17571
     source:MLIST
     tags:Mailing List    Third Party Advisory    
 N/A
     source:N/A
     tags:Third Party Advisory    
 [logging-commits] 20200425 svn commit: r1059809 - /websites/production/logging/content/log4j/2.13.2/security.html
     source:MLIST
     tags:Mailing List    Third Party Advisory    
 https://www.oracle.com/security-alerts/cpujul2020.html
     source:MISC
     tags:Third Party Advisory    
 [bookkeeper-issues] 20200729 [GitHub] [bookkeeper] padma81 opened a new issue #2387: Security vulnerabilities in the apache/bookkeeper-4.9.2 image
     source:MLIST
     tags:Mailing List    Third Party Advisory    
 [activemq-issues] 20200730 [jira] [Commented] (AMQ-7370) log4j 1.2 version used by AMQ 5.15.10 / 5.15.11 is vulnerable to CVE-2019-17571
     source:MLIST
     tags:Mailing List    Third Party Advisory    
 [geode-issues] 20200831 [jira] [Created] (GEODE-8471) Dependency security issues in geode-core-1.12
     source:MLIST
     tags:Mailing List    Third Party Advisory    
 https://www.oracle.com/security-alerts/cpuoct2020.html
     source:MISC
     tags:Third Party Advisory    
 https://www.oracle.com/security-alerts/cpujan2021.html
     source:MISC
     tags:Third Party Advisory    
 [doris-commits] 20210402 [GitHub] [incubator-doris] zh0122 opened a new pull request #5594: [FE][Bug]Update log4j-web to fix a security issue
     source:MLIST
     tags:Mailing List    Third Party Advisory    
 [beam-issues] 20210528 [jira] [Created] (BEAM-12422) Vendored gRPC 1.36.0 is using a log4j version with security issues
     source:MLIST
     tags:Mailing List    Third Party Advisory    
 https://www.oracle.com/security-alerts/cpuApr2021.html
     source:MISC
     tags:Third Party Advisory    
 [beam-github] 20210701 [GitHub] [beam] lukecwik commented on pull request #15113: [BEAM-12422] Upgrade log4j version not affected by CVE-2017-5645
     source:MLIST
     tags:Mailing List    Third Party Advisory    
 [beam-github] 20210701 [GitHub] [beam] lukecwik opened a new pull request #15113: [BEAM-12422] Upgrade log4j version not affected by CVE-2017-5645
     source:MLIST
     tags:Mailing List    Third Party Advisory    
 [beam-github] 20210701 [GitHub] [beam] codecov[bot] commented on pull request #15113: [BEAM-12422] Upgrade log4j version not affected by CVE-2017-5645
     source:MLIST
     tags:Mailing List    Third Party Advisory    
 [beam-github] 20210701 [GitHub] [beam] codecov[bot] edited a comment on pull request #15113: [BEAM-12422] Upgrade log4j version not affected by CVE-2017-5645
     source:MLIST
     tags:Mailing List    Third Party Advisory    
 [beam-github] 20210701 [GitHub] [beam] suztomo commented on pull request #15113: [BEAM-12422] Upgrade log4j version not affected by CVE-2017-5645
     source:MLIST
     tags:Mailing List    Third Party Advisory    
 https://www.oracle.com/security-alerts/cpuoct2021.html
     source:MISC
     tags:Third Party Advisory    
 https://www.oracle.com/security-alerts/cpujan2022.html
     source:MISC
     tags:Third Party Advisory    

Refer to Information on External Sites

CVE InfomationExploits or more Infomation
mitreEXPLOIT DATABASE
NVD0day.today
vulmon.comgithub
CVE DetailsTwitter
JVN ENG JPN
Reconshell

Software Tag: Apache(2 tweets) MySQL(4 tweets) Oracle(124 tweets) Weblogic(2 tweets)

List of frequently cited URLs

URLNum of Times Referred to
https://alerts.vulmon.com/?utm_source=twitter&utm_medium=so...246
http://patrowl.io165
https://github.com/pimps/CVE-2017-56453

▼ Show Information from Twitter(253)

List of frequently cited URLs

URLNum of Times Referred to
alerts.vulmon.com246
patrowl.io165
github.com3

▼ Show Information from Twitter(253)

GitHub Search Results: Up to 10
NameURL
pimps/CVE-2017-5645 https://github.com/pimps/CVE-2017-5645
HynekPetrak/log4shell-finder https://github.com/HynekPetrak/log4shell-finder
GitHub Search Results: Up to 10
NameURL
pimps/CVE-2017-5645 github.com
HynekPetrak/log4shell-finder github.com
2023/04/18 Score : 0
Added Har-sia Database : 2020/03/13
Last Modified : 2023/04/18
Highest Scored Date : 2023/03/02
Highest Score : 33