apache log4j CVE-2017-5645 vulnerability in Apache and Other Products
Published on April 17, 2017

product logo product logo product logo product logo product logo
In Apache Log4j 2.x before 2.8.2, when using the TCP socket server or UDP socket server to receive serialized log events from another application, a specially crafted binary payload can be sent that, when deserialized, can execute arbitrary code.

Vendor Advisory NVD

Vulnerability Analysis

CVE-2017-5645 can be exploited with network access, and does not require authorization privileges or user interaction. This vulnerability is considered to have a low attack complexity. It has the highest possible exploitability rating (3.9). The potential impact of an exploit of this vulnerability is considered to be critical as this vulnerability has a high impact to the confidentiality, integrity and availability of this component.

What is a Marshaling, Unmarshaling Vulnerability?

The application deserializes untrusted data without sufficiently verifying that the resulting data will be valid.

CVE-2017-5645 has been classified to as a Marshaling, Unmarshaling vulnerability or weakness.


Products Associated with CVE-2017-5645

You can be notified by stack.watch whenever vulnerabilities like CVE-2017-5645 are published in these products:

Apache Log4j
 
NetApp Oncommand Api Services
 
NetApp Oncommand Insight
 
NetApp Oncommand Workflow Automation
 
NetApp Service Level Manager
 
NetApp Snapcenter
 
NetApp Storage Automation Store
 
Oracle Api Gateway
 
Oracle Autovue Vuelink Integration
 
Oracle Banking Platform
 
Oracle Bi Publisher
 
Oracle Communications Converged Application Server Service Controller
 
Oracle Communications Messaging Server
 
Oracle Communications Online Mediation Controller
 
Oracle Communications Pricing Design Center
 
Oracle Communications Service Broker
 
Oracle Communications Webrtc Session Controller
 
Oracle Configuration Manager
 
Oracle Enterprise Data Quality
 
Oracle Enterprise Manager Base Platform
 
Oracle Enterprise Manager Fusion Middleware
 
Oracle Enterprise Manager Mysql Database
 
Enterprise Manager Oracle Database
 
Oracle Enterprise Manager Peoplesoft
 
Oracle Financial Services Analytical Applications Infrastructure
 
Oracle Financial Services Behavior Detection Platform
 
Oracle Financial Services Hedge Management Ifrs Valuations
 
Oracle Financial Services Loan Loss Forecasting Provisioning
 
Oracle Financial Services Profitability Management
 
Oracle Flexcube Investor Servicing
 
Oracle Fusion Middleware Mapviewer
 
Oracle Goldengate Application Adapters
 
Oracle Identity Analytics
 
Oracle Identity Management Suite
 
Oracle Insurance Calculation Engine
 
Oracle Insurance Policy Administration
 
Oracle Insurance Rules Palette
 
Oracle Jdeveloper
 
Oracle Jd Edwards Enterpriseone Tools
 
Oracle Mysql Enterprise Monitor
 
Oracle Peoplesoft Enterprise Fin Install
 
Oracle Policy Automation
 
Oracle Policy Automation Connector Siebel
 
Oracle Policy Automation Mobile Devices
 
Oracle Retail Clearance Optimization Engine
 
Oracle Retail Extract Transform Load
 
Oracle Retail Integration Bus
 
Oracle Retail Open Commerce Platform
 
Oracle Retail Predictive Application Server
 
Oracle Siebel Ui Framework
 
Oracle Soa Suite
 
Oracle Tape Library Acsls
 
Oracle Utilities Work Asset Management
 
Red Hat Enterprise Linux (RHEL)
 
Red Hat Enterprise Linux Desktop
 
Red Hat Enterprise Linux Server
 
Red Hat Enterprise Linux Server Aus
 
Red Hat Enterprise Linux Server Eus
 
Red Hat Enterprise Linux Server Tus
 
Red Hat Enterprise Linux Workstation
 
Red Hat Fuse
 
Oracle Application Testing Suite
 
Oracle Communications Instant Messaging Server
 
Oracle Communications Interactive Session Recorder
 
Oracle Communications Network Integrity
 
Oracle Endeca Information Discovery Studio
 
Oracle Financial Services Lending Leasing
 
Oracle Financial Services Regulatory Reporting With Agilereporter
 
Oracle Goldengate
 
Oracle Identity Manager Connector
 
Oracle Memory Performance Driven Planning
 
Oracle Instantis Enterprisetrack
 
Oracle Primavera Gateway
 
Oracle Rapid Planning
 
Oracle Retail Advanced Inventory Planning
 
Oracle Retail Service Backbone
 
Oracle Timesten In Memory Database
 
Oracle Utilities Advanced Spatial Operational Analytics
 
Oracle Weblogic Server
 
Netty
 

What versions are vulnerable to CVE-2017-5645?