← voltar
CVE-2017-5645

CVE-2017-5645

EPSS 89.0%
Vexday Risk Score
40Atenção
Decisão SSVC (CISA)
Attend
PoC disponível → acompanhar de perto
CVSS EPSS 89.0%KEV nãoPoC Nuclei simMetasploit Patch referenciado
Ciclo de vida
17 abr 2017Publicada no NVD
Recomendação: Planejar correção próxima — já existe PoC pública.
In Apache Log4j 2.x before 2.8.2, when using the TCP socket server or UDP socket server to receive serialized log events from another application, a specially crafted binary payload can be sent that, when deserialized, can execute arbitrary code.
Produtos afetados
Apache Software Foundation · Apache Log4j

Quer saber se a sua infraestrutura está exposta a isto?

Falar com a TrueHacking →
Referências
https://access.redhat.com/errata/RHSA-2017:1417https://access.redhat.com/errata/RHSA-2017:1801https://access.redhat.com/errata/RHSA-2017:1802https://access.redhat.com/errata/RHSA-2017:2423https://access.redhat.com/errata/RHSA-2017:2633https://access.redhat.com/errata/RHSA-2017:2635https://access.redhat.com/errata/RHSA-2017:2636https://access.redhat.com/errata/RHSA-2017:2637https://access.redhat.com/errata/RHSA-2017:2638https://access.redhat.com/errata/RHSA-2017:2808https://access.redhat.com/errata/RHSA-2017:2809https://access.redhat.com/errata/RHSA-2017:2810