CVE-2017-5645

HIGH

Description

In Apache Log4j 2.x before 2.8.2, when using the TCP socket server or UDP socket server to receive serialized log events from another application, a specially crafted binary payload can be sent that, when deserialized, can execute arbitrary code.

ID	Name	Product	Family	Severity
138610	Oracle Application Testing Suite (Jul 2020 CPU)	Nessus	Misc.	high
138592	Oracle WebLogic Server Multiple Vulnerabilities (Jul 2020 CPU)	Nessus	Misc.	high
138526	Oracle Primavera Gateway (Jul 2020 CPU)	Nessus	CGI abuses	high
133268	Oracle GoldenGate for Big Data 12.3.2.1.x < 12.3.2.1.2 Apache Log4j Insecure Deserialization RCE (Jan 2019 CPU)	Nessus	Misc.	high
120948	Oracle Business Intelligence Publisher Multiple Vulnerabilities (October 2018 CPU)	Nessus	Misc.	high
118330	Oracle Identity Manager Multiple Vulnerabilities (October 2018 CPU)	Nessus	Misc.	high
112177	RHEL 6 / 7 : Red Hat JBoss Web Server 3.1.0 Service Pack 1 (RHSA-2017:1801)	Nessus	Red Hat Local Security Checks	high
111593	MySQL Enterprise Monitor 3.4.x < 3.4.8 / 4.0.x < 4.0.5 / 8.0.x < 8.0.1 Multiple Vulnerabilities (July 2018 CPU)	Nessus	CGI abuses	high
111352	Oracle WebCenter Portal Multiple Vulnerabilities (April 2018 CPU)	Nessus	Misc.	high
111210	Oracle Application Testing Suite Multiple Vulnerabilities (April / July 2018 CPU)	Nessus	Misc.	high
111152	Oracle Enterprise Manager Cloud Control Multiple Vulnerabilities (July 2018 CPU)	Nessus	Misc.	high
109201	Oracle WebLogic Server Multiple Vulnerabilities (April 2018 CPU)	Nessus	Misc.	high
108520	Juniper Junos Space < 17.2R1 Multiple Vulnerabilities (JSA10838)	Nessus	Junos Local Security Checks	critical
106349	Oracle iPlanet Web Server 7.0.x < 7.0.27 NSS Unspecified Vulnerability (January 2018 CPU)	Nessus	Web Servers	critical
106299	Oracle Fusion Middleware Oracle HTTP Server Multiple Vulnerabilities (January 2018 CPU)	Nessus	Web Servers	critical
106199	Oracle Secure Global Desktop Multiple Vulnerabilities (January 2018 CPU)	Nessus	Misc.	high
105209	RHEL 6 : JBoss EAP (RHSA-2017:3399)	Nessus	Red Hat Local Security Checks	high
103527	RHEL 6 : JBoss EAP (RHSA-2017:2809)	Nessus	Red Hat Local Security Checks	high
103526	RHEL 7 : JBoss EAP (RHSA-2017:2808)	Nessus	Red Hat Local Security Checks	high
103500	RHEL 6 / 7 : eap7-jboss-ec2-eap (RHSA-2017:2811)	Nessus	Red Hat Local Security Checks	high
103072	EulerOS 2.0 SP2 : log4j (EulerOS-SA-2017-1214)	Nessus	Huawei Local Security Checks	high
103071	EulerOS 2.0 SP1 : log4j (EulerOS-SA-2017-1213)	Nessus	Huawei Local Security Checks	high
103044	RHEL 6 : jboss-ec2-eap (RHSA-2017:2638)	Nessus	Red Hat Local Security Checks	high
103043	RHEL 5 : JBoss EAP (RHSA-2017:2637)	Nessus	Red Hat Local Security Checks	high
103042	RHEL 7 : JBoss EAP (RHSA-2017:2636)	Nessus	Red Hat Local Security Checks	high
103041	RHEL 6 : JBoss EAP (RHSA-2017:2635)	Nessus	Red Hat Local Security Checks	high
102878	CentOS 7 : log4j (CESA-2017:2423)	Nessus	CentOS Local Security Checks	high
102666	Scientific Linux Security Update : log4j on SL7.x (noarch) (20170807)	Nessus	Scientific Linux Local Security Checks	high
102348	RHEL 7 : log4j (RHSA-2017:2423)	Nessus	Red Hat Local Security Checks	high
102345	Oracle Linux 7 : log4j (ELSA-2017-2423)	Nessus	Oracle Linux Local Security Checks	high
101708	Fedora 26 : log4j12 (2017-b8358cda24)	Nessus	Fedora Local Security Checks	high
101576	Fedora 26 : log4j (2017-11edc0d6c3)	Nessus	Fedora Local Security Checks	high
100746	Fedora 25 : log4j12 (2017-8348115acd)	Nessus	Fedora Local Security Checks	high
100745	Fedora 24 : log4j12 (2017-7e0ff7f73a)	Nessus	Fedora Local Security Checks	high
99988	Fedora 24 : log4j (2017-2ccfbd650a)	Nessus	Fedora Local Security Checks	high
99955	Fedora 25 : log4j (2017-511ebfa8a3)	Nessus	Fedora Local Security Checks	high

CVE-2017-5645

Description

References

Details

Risk Information

CVSS v2.0

CVSS v3.0