CVE-2017-5645
CVE-2017-5645
Vexday Risk Score
40Attention
SSVC decision (CISA)
Attend
PoC available → attend closely
CVSS —EPSS 89.0%KEV nãoPoC —Nuclei simMetasploit —Patch referenciado
Lifecycle
17 Apr 2017Published on NVD
Recommendation: Plan a near-term fix — a public PoC already exists.
In Apache Log4j 2.x before 2.8.2, when using the TCP socket server or UDP socket server to receive serialized log events from another application, a specially crafted binary payload can be sent that, when deserialized, can execute arbitrary code.
Affected products
Apache Software Foundation · Apache Log4jWant to know if your infrastructure is exposed to this?
Talk to TrueHacking →References
https://access.redhat.com/errata/RHSA-2017:1417https://access.redhat.com/errata/RHSA-2017:1801https://access.redhat.com/errata/RHSA-2017:1802https://access.redhat.com/errata/RHSA-2017:2423https://access.redhat.com/errata/RHSA-2017:2633https://access.redhat.com/errata/RHSA-2017:2635https://access.redhat.com/errata/RHSA-2017:2636https://access.redhat.com/errata/RHSA-2017:2637https://access.redhat.com/errata/RHSA-2017:2638https://access.redhat.com/errata/RHSA-2017:2808https://access.redhat.com/errata/RHSA-2017:2809https://access.redhat.com/errata/RHSA-2017:2810