Vulnerability Details: CVE-2017-5645
In Apache Log4j 2.x before 2.8.2, when using the TCP socket server or UDP socket server to receive serialized log events from another application, a specially crafted binary payload can be sent that, when deserialized, can execute arbitrary code.
Vulnerability category: Execute code
Products affected by CVE-2017-5645
- cpe:2.3:o:redhat:enterprise_linux:6.0:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux:7.3:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux:7.4:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux:7.5:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux:7.6:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux:6.7:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux_server_aus:7.4:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux_server_aus:7.6:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux_server_eus:7.4:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux_server_eus:7.6:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux_server_eus:7.5:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux_server_tus:7.6:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux_server_tus:7.4:*:*:*:*:*:*:*
- cpe:2.3:a:redhat:fuse:1.0:*:*:*:*:*:*:*
- cpe:2.3:a:apache:log4j:*:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:jdeveloper:11.1.1.9.0:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:jdeveloper:12.1.3.0.0:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:jdeveloper:12.2.1.3.0:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:weblogic_server:10.3.6.0.0:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:weblogic_server:12.1.3.0.0:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:weblogic_server:12.2.1.3.0:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:weblogic_server:12.2.1.4.0:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:weblogic_server:14.1.1.0.0:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:timesten_in-memory_database:11.2.2.8.49:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:jd_edwards_enterpriseone_tools:9.2:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:jd_edwards_enterpriseone_tools:4.0.1.0:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:identity_analytics:11.1.1.5.8:*:*:*:*:*:*:*
- Oracle » Mysql Enterprise Monitor, versions from (including) 4.0.0.0 up to (including) 4.0.4.5235: cpe:2.3:a:oracle:mysql_enterprise_monitor:*:*:*:*:*:*:*:*
- Oracle » Mysql Enterprise Monitor, versions from (including) 3.4.0.0 up to (including) 3.4.7.4297: cpe:2.3:a:oracle:mysql_enterprise_monitor:*:*:*:*:*:*:*:*
- Oracle » Mysql Enterprise Monitor, versions from (including) 8.0.0.0.0 up to (including) 8.0.0.8131: cpe:2.3:a:oracle:mysql_enterprise_monitor:*:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:goldengate:12.3.2.1.1:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:application_testing_suite:13.3.0.1:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:api_gateway:11.1.2.4.0:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:siebel_ui_framework:18.7:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:siebel_ui_framework:18.9:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:siebel_ui_framework:18.8:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:retail_integration_bus:15.0:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:retail_integration_bus:14.0.0:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:retail_integration_bus:14.1.0:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:retail_integration_bus:16.0:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:enterprise_manager_for_fusion_middleware:13.2.0.0:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:enterprise_manager_for_fusion_middleware:12.1.0.5:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:communications_messaging_server:*:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:insurance_rules_palette:11.1:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:insurance_rules_palette:10.0:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:insurance_rules_palette:10.1:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:insurance_rules_palette:10.2:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:insurance_rules_palette:11.0:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:insurance_calculation_engine:10.2.1:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:insurance_calculation_engine:10.1.1:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:enterprise_manager_base_platform:12.1.0.5:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:enterprise_manager_base_platform:13.2.0.0:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:retail_service_backbone:15.0:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:retail_service_backbone:14.1:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:retail_service_backbone:16.0:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:banking_platform:2.6.0:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:banking_platform:2.6.1:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:banking_platform:2.6.2:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:flexcube_investor_servicing:12.1.0:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:flexcube_investor_servicing:12.3.0:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:flexcube_investor_servicing:12.0.4:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:flexcube_investor_servicing:12.4.0:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:flexcube_investor_servicing:14.0.0:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:primavera_gateway:*:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:fusion_middleware_mapviewer:12.2.1.2:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:fusion_middleware_mapviewer:12.2.1.3:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:soa_suite:12.1.3.0.0:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:soa_suite:12.2.2.0.0:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:soa_suite:12.2.1.3.0:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:communications_webrtc_session_controller:*:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:identity_manager_connector:9.0:*:*:*:*:*:*:*
- Oracle » Financial Services Profitability Management, versions from (including) 8.0.0.0.0 up to (including) 8.0.7.0.0: cpe:2.3:a:oracle:financial_services_profitability_management:*:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:financial_services_profitability_management:6.1.1:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:financial_services_loan_loss_forecasting_and_provisioning:8.0.5:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:financial_services_loan_loss_forecasting_and_provisioning:8.0.4:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:financial_services_hedge_management_and_ifrs_valuations:8.0.4:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:financial_services_hedge_management_and_ifrs_valuations:8.0.5:*:*:*:*:*:*:*
- Oracle » Financial Services Analytical Applications Infrastructure, versions from (including) 8.0.0.0.0 up to (including) 8.0.7.0.0: cpe:2.3:a:oracle:financial_services_analytical_applications_infrastructure:*:*:*:*:*:*:*:*
- Oracle » Financial Services Analytical Applications Infrastructure, versions from (including) 7.3.3.0.0 up to (including) 7.3.3.0.2: cpe:2.3:a:oracle:financial_services_analytical_applications_infrastructure:*:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:retail_open_commerce_platform:5.3.0:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:retail_open_commerce_platform:6.0.0:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:retail_open_commerce_platform:6.0.1:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:retail_predictive_application_server:15.0.3:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:tape_library_acsls:8.4:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:enterprise_manager_for_mysql_database:*:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:autovue_vuelink_integration:21.0.0:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:autovue_vuelink_integration:21.0.1:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:bi_publisher:12.2.1.4.0:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:bi_publisher:11.1.1.7.0:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:bi_publisher:11.1.1.9.0:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:bi_publisher:12.2.1.3.0:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:communications_converged_application_server_-_service_controller:6.1:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:communications_online_mediation_controller:6.1:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:communications_pricing_design_center:11.1:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:communications_pricing_design_center:12.0:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:communications_service_broker:6.0:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:configuration_manager:12.1.2.0.2:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:configuration_manager:12.1.2.0.5:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:enterprise_data_quality:12.2.1.3.0:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:enterprise_manager_for_oracle_database:12.1.0.8:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:enterprise_manager_for_oracle_database:13.2.2:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:enterprise_manager_for_peoplesoft:13.1.1.1:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:enterprise_manager_for_peoplesoft:13.2.1.1:*:*:*:*:*:*:*
- Oracle » Financial Services Behavior Detection Platform, versions from (including) 8.0.0.0.0 up to (including) 8.0.4.0.0: cpe:2.3:a:oracle:financial_services_behavior_detection_platform:*:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:financial_services_behavior_detection_platform:6.1.1:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:goldengate_application_adapters:12.3.2.1.1:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:identity_management_suite:12.2.1.3.0:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:identity_management_suite:11.1.2.3.0:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:insurance_policy_administration:10.1:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:insurance_policy_administration:10.2:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:insurance_policy_administration:11.0:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:insurance_policy_administration:10.0:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:peoplesoft_enterprise_fin_install:9.2:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:policy_automation:12.2.0:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:policy_automation:12.2.1:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:policy_automation:12.2.2:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:policy_automation:12.2.3:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:policy_automation:12.1.0:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:policy_automation:12.2.5:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:policy_automation:12.2.7:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:policy_automation:12.2.8:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:policy_automation:12.2.9:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:policy_automation:12.2.10:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:policy_automation:10.4.7:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:policy_automation:12.1.1:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:policy_automation:12.2.4:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:policy_automation:12.2.6:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:policy_automation_connector_for_siebel:10.4.6:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:policy_automation_for_mobile_devices:12.1.0:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:policy_automation_for_mobile_devices:12.1.1:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:policy_automation_for_mobile_devices:12.2.0:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:policy_automation_for_mobile_devices:12.2.1:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:policy_automation_for_mobile_devices:10.4.7:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:policy_automation_for_mobile_devices:12.2.2:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:policy_automation_for_mobile_devices:12.2.4:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:policy_automation_for_mobile_devices:12.2.6:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:policy_automation_for_mobile_devices:12.2.7:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:policy_automation_for_mobile_devices:12.2.8:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:policy_automation_for_mobile_devices:12.2.9:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:policy_automation_for_mobile_devices:12.2.3:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:policy_automation_for_mobile_devices:12.2.5:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:policy_automation_for_mobile_devices:12.2.10:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:retail_clearance_optimization_engine:14.0.5:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:retail_extract_transform_and_load:13.2:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:retail_extract_transform_and_load:13.1:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:retail_extract_transform_and_load:13.0:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:retail_extract_transform_and_load:19.0:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:utilities_work_and_asset_management:1.9.1.2.12:*:*:*:*:*:*:*
- Oracle » Communications Interactive Session Recorder, versions from (including) 6.0 up to (including) 6.2: cpe:2.3:a:oracle:communications_interactive_session_recorder:*:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:endeca_information_discovery_studio:3.2.0:*:*:*:*:*:*:*
- Oracle » Instantis Enterprisetrack, versions from (including) 17.1 up to (including) 17.3: cpe:2.3:a:oracle:instantis_enterprisetrack:*:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:communications_instant_messaging_server:10.0.1.3.0:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:utilities_advanced_spatial_and_operational_analytics:2.7.0.1:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:rapid_planning:12.1:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:rapid_planning:12.2:*:*:*:*:*:*:*
- Oracle » Communications Network Integrity, versions from (including) 7.3.2 up to (including) 7.3.6: cpe:2.3:a:oracle:communications_network_integrity:*:*:*:*:*:*:*:*
- Oracle » Financial Services Lending And Leasing, versions from (including) 14.1.0 up to (including) 14.8.0: cpe:2.3:a:oracle:financial_services_lending_and_leasing:*:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:financial_services_lending_and_leasing:12.5.0:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:financial_services_regulatory_reporting_with_agilereporter:8.0.9.2.0:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:retail_advanced_inventory_planning:15.0:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:retail_advanced_inventory_planning:14.0:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:in-memory_performance-driven_planning:12.1:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:in-memory_performance-driven_planning:12.2:*:*:*:*:*:*:*
- cpe:2.3:a:netapp:oncommand_workflow_automation:-:*:*:*:*:*:*:*
- cpe:2.3:a:netapp:oncommand_insight:-:*:*:*:*:*:*:*
- cpe:2.3:a:netapp:service_level_manager:-:*:*:*:*:*:*:*
- cpe:2.3:a:netapp:storage_automation_store:-:*:*:*:*:*:*:*
- cpe:2.3:a:netapp:snapcenter:-:*:*:*:*:*:*:*
- cpe:2.3:a:netapp:oncommand_api_services:-:*:*:*:*:*:*:*
Threat overview for CVE-2017-5645
- Top open port discovered on systems with this issue: 53
- IPs affected by CVE-2017-5645: 676,083
- Threat actors abusing this issue? Yes
Exploit prediction scoring system (EPSS) score for CVE-2017-5645
- 87.38%: probability of exploitation activity in the next 30 days
- ~99%: percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2017-5645
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
7.5 | HIGH | AV:N/AC:L/Au:N/C:P/I:P/A:P | 10.0 | 6.4 | NIST | |
9.8 | CRITICAL | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 3.9 | 5.9 | NIST | |
CWE ids for CVE-2017-5645
- The product deserializes untrusted data without sufficiently ensuring that the resulting data will be valid. Assigned by: nvd@nist.gov (Primary)