9.8

CVE-2017-5645

In Apache Log4j 2.x before 2.8.2, when using the TCP socket server or UDP socket server to receive serialized log events from another application, a specially crafted binary payload can be sent that, when deserialized, can execute arbitrary code.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
ApacheLog4j Version >= 2.0 < 2.8.2
NetappOncommand Insight Version-
NetappSnapcenter Version-
RedhatFuse Version1.0
RedhatEnterprise Linux Version6.0
RedhatEnterprise Linux Version6.7
RedhatEnterprise Linux Version7.0
RedhatEnterprise Linux Version7.3
RedhatEnterprise Linux Version7.4
RedhatEnterprise Linux Version7.5
RedhatEnterprise Linux Version7.6
OracleApi Gateway Version11.1.2.4.0
OracleApplication Testing Suite Version13.3.0.1
OracleBanking Platform Version2.6.0
OracleBanking Platform Version2.6.1
OracleBanking Platform Version2.6.2
OracleBi Publisher Version11.1.1.7.0
OracleBi Publisher Version11.1.1.9.0
OracleBi Publisher Version12.2.1.3.0
OracleBi Publisher Version12.2.1.4.0
OracleCommunications Network Integrity Version >= 7.3.2 <= 7.3.6
OracleConfiguration Manager Version12.1.2.0.2
OracleConfiguration Manager Version12.1.2.0.5
OracleEnterprise Data Quality Version12.2.1.3.0
OracleFinancial Services Behavior Detection Platform Version >= 8.0.0.0.0 <= 8.0.4.0.0
OracleFinancial Services Lending And Leasing Version >= 14.1.0 <= 14.8.0
OracleFinancial Services Profitability Management Version >= 8.0.0.0.0 <= 8.0.7.0.0
OracleFusion Middleware Mapviewer Version12.2.1.2
OracleFusion Middleware Mapviewer Version12.2.1.3
OracleGoldengate Version12.3.2.1.1
OracleGoldengate Application Adapters Version12.3.2.1.1
OracleIdentity Analytics Version11.1.1.5.8
OracleIdentity Management Suite Version11.1.2.3.0
OracleIdentity Management Suite Version12.2.1.3.0
OracleInstantis Enterprisetrack Version >= 17.1 <= 17.3
OracleJdeveloper Version11.1.1.9.0
OracleJdeveloper Version12.1.3.0.0
OracleJdeveloper Version12.2.1.3.0
OracleMysql Enterprise Monitor Version >= 3.4.0.0 <= 3.4.7.4297
OracleMysql Enterprise Monitor Version >= 4.0.0.0 <= 4.0.4.5235
OracleMysql Enterprise Monitor Version >= 8.0.0.0.0 <= 8.0.0.8131
OraclePolicy Automation Version10.4.7
OraclePolicy Automation Version12.1.0
OraclePolicy Automation Version12.1.1
OraclePolicy Automation Version12.2.0
OraclePolicy Automation Version12.2.1
OraclePolicy Automation Version12.2.2
OraclePolicy Automation Version12.2.3
OraclePolicy Automation Version12.2.4
OraclePolicy Automation Version12.2.5
OraclePolicy Automation Version12.2.6
OraclePolicy Automation Version12.2.7
OraclePolicy Automation Version12.2.8
OraclePolicy Automation Version12.2.9
OraclePolicy Automation Version12.2.10
OraclePrimavera Gateway Version >= 16.2.0 <= 16.2.11
OraclePrimavera Gateway Version >= 17.12.0 <= 17.12.7
OracleRapid Planning Version12.1
OracleRapid Planning Version12.2
OracleRetail Integration Bus Version14.0.0
OracleRetail Integration Bus Version14.1.0
OracleRetail Integration Bus Version15.0
OracleRetail Integration Bus Version16.0
OracleSiebel Ui Framework Version18.7
OracleSiebel Ui Framework Version18.8
OracleSiebel Ui Framework Version18.9
OracleSoa Suite Version12.1.3.0.0
OracleSoa Suite Version12.2.1.3.0
OracleSoa Suite Version12.2.2.0.0
OracleTape Library Acsls Version8.4
OracleTimesten In-memory Database Version11.2.2.8.49
OracleWeblogic Server Version10.3.6.0.0
OracleWeblogic Server Version12.1.3.0.0
OracleWeblogic Server Version12.2.1.3.0
OracleWeblogic Server Version12.2.1.4.0
OracleWeblogic Server Version14.1.1.0.0
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 89.04% 0.998
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 9.8 3.9 5.9
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
nvd@nist.gov 7.5 10 6.4
AV:N/AC:L/Au:N/C:P/I:P/A:P
CWE-502 Deserialization of Untrusted Data

The product deserializes untrusted data without sufficiently ensuring that the resulting data will be valid.

http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html
Patch
http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html
Patch
Third Party Advisory
https://www.oracle.com/security-alerts/cpujan2020.html
Third Party Advisory
https://www.oracle.com/security-alerts/cpujan2021.html
Third Party Advisory
http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html
Patch
http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html
Patch
https://www.oracle.com/security-alerts/cpujan2022.html
Third Party Advisory
https://www.oracle.com/security-alerts/cpuoct2021.html
Third Party Advisory
https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html
Patch
Third Party Advisory
https://lists.apache.org/thread.html/9317fd092b257a0815434b116a8af8daea6e920b6673f4fd5583d5fe%40%3Ccommits.druid.apache.org%3E
https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html
Patch
Third Party Advisory
https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html
Patch
Third Party Advisory
https://www.oracle.com/security-alerts/cpuapr2020.html
Third Party Advisory
https://access.redhat.com/errata/RHSA-2017:2808
Third Party Advisory
https://access.redhat.com/errata/RHSA-2017:2809
Third Party Advisory
https://access.redhat.com/errata/RHSA-2017:2810
Third Party Advisory
https://access.redhat.com/errata/RHSA-2017:2811
Third Party Advisory
https://www.oracle.com/security-alerts/cpujul2020.html
Third Party Advisory
https://www.oracle.com/security-alerts/cpuoct2020.html
Third Party Advisory
https://www.oracle.com/security-alerts/cpuApr2021.html
Third Party Advisory
https://access.redhat.com/errata/RHSA-2019:1545
Third Party Advisory
https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html
Patch
Third Party Advisory
https://access.redhat.com/errata/RHSA-2017:1801
Third Party Advisory
https://access.redhat.com/errata/RHSA-2017:1802
Third Party Advisory
https://lists.apache.org/thread.html/r1b103833cb5bc8466e24ff0ecc5e75b45a705334ab6a444e64e840a0%40%3Cissues.bookkeeper.apache.org%3E
http://www.openwall.com/lists/oss-security/2019/12/19/2
Third Party Advisory
Mailing List
http://www.securityfocus.com/bid/97702
Third Party Advisory
VDB Entry
http://www.securitytracker.com/id/1040200
Third Party Advisory
VDB Entry
http://www.securitytracker.com/id/1041294
Third Party Advisory
VDB Entry
https://access.redhat.com/errata/RHSA-2017:1417
Third Party Advisory
https://access.redhat.com/errata/RHSA-2017:2423
Third Party Advisory
https://access.redhat.com/errata/RHSA-2017:2633
Third Party Advisory
https://access.redhat.com/errata/RHSA-2017:2635
Third Party Advisory
https://access.redhat.com/errata/RHSA-2017:2636
Third Party Advisory
https://access.redhat.com/errata/RHSA-2017:2637
Third Party Advisory
https://access.redhat.com/errata/RHSA-2017:2638
Third Party Advisory
https://access.redhat.com/errata/RHSA-2017:2888
Third Party Advisory
https://access.redhat.com/errata/RHSA-2017:2889
Third Party Advisory
https://access.redhat.com/errata/RHSA-2017:3244
Third Party Advisory
https://access.redhat.com/errata/RHSA-2017:3399
Third Party Advisory
https://access.redhat.com/errata/RHSA-2017:3400
Third Party Advisory
https://issues.apache.org/jira/browse/LOG4J2-1863
Vendor Advisory
Issue Tracking
https://lists.apache.org/thread.html/0dcca05274d20ef2d72584edcf8c917bbb13dbbd7eb35cae909d02e9%40%3Cdev.logging.apache.org%3E
https://lists.apache.org/thread.html/277b4b5c2b0e06a825ccec565fa65bd671f35a4d58e3e2ec5d0618e1%40%3Cdev.tika.apache.org%3E
https://lists.apache.org/thread.html/44491fb9cc19acc901f7cff34acb7376619f15638439416e3e14761c%40%3Cdev.tika.apache.org%3E
https://lists.apache.org/thread.html/479471e6debd608c837b9815b76eab24676657d4444fcfd5ef96d6e6%40%3Cdev.tika.apache.org%3E
https://lists.apache.org/thread.html/6114ce566200d76e3cc45c521a62c2c5a4eac15738248f58a99f622c%40%3Cissues.activemq.apache.org%3E
https://lists.apache.org/thread.html/84cc4266238e057b95eb95dfd8b29d46a2592e7672c12c92f68b2917%40%3Cannounce.apache.org%3E
https://lists.apache.org/thread.html/8ab32b4c9f1826f20add7c40be08909de9f58a89dc1de9c09953f5ac%40%3Cissues.activemq.apache.org%3E
https://lists.apache.org/thread.html/e8fb7d76a244ee997ba4b217d6171227f7c2521af8c7c5b16cba27bc%40%3Cdev.logging.apache.org%3E
https://lists.apache.org/thread.html/eea03d504b36e8f870e8321d908e1def1addda16adda04327fe7c125%40%3Cdev.logging.apache.org%3E
https://lists.apache.org/thread.html/r0831e2e52a390758ce39a6193f82c11c295175adce6e6307de28c287%40%3Cissues.beam.apache.org%3E
https://lists.apache.org/thread.html/r18f1c010b554a3a2d761e8ffffd8674fd4747bcbcf16c643d708318c%40%3Cissues.activemq.apache.org%3E
https://lists.apache.org/thread.html/r23369fd603eb6d62d3b883a0a28d12052dcbd1d6d531137124cd7f83%40%3Cgithub.beam.apache.org%3E
https://lists.apache.org/thread.html/r2ce8d26154bea939536e6cf27ed02d3192bf5c5d04df885a80fe89b3%40%3Cissues.activemq.apache.org%3E
https://lists.apache.org/thread.html/r2ff63f210842a3c5e42f03a35d8f3a345134d073c80a04077341c211%40%3Cissues.activemq.apache.org%3E
https://lists.apache.org/thread.html/r3784834e80df2f284577a5596340fb84346c91a2dea6a073e65e3397%40%3Cissues.activemq.apache.org%3E
https://lists.apache.org/thread.html/r3a85514a518f3080ab1fc2652cfe122c2ccf67cfb32356acb1b08fe8%40%3Cdev.tika.apache.org%3E
https://lists.apache.org/thread.html/r3d666e4e8905157f3c046d31398b04f2bfd4519e31f266de108c6919%40%3Cissues.activemq.apache.org%3E
https://lists.apache.org/thread.html/r4b25538be50126194cc646836c718b1a4d8f71bd9c912af5b59134ad%40%3Cdev.tika.apache.org%3E
https://lists.apache.org/thread.html/r61590890edcc64140e0c606954b29a063c3d08a2b41d447256d51a78%40%3Cissues.activemq.apache.org%3E
https://lists.apache.org/thread.html/r681b4432d0605f327b68b9f8a42662993e699d04614de4851c35ffd1%40%3Cdev.tika.apache.org%3E
https://lists.apache.org/thread.html/r746fbc3fc13aee292ae6851f7a5080f592fa3a67b983c6887cdb1fc5%40%3Cdev.tika.apache.org%3E
https://lists.apache.org/thread.html/r7bcdc710857725c311b856c0b82cee6207178af5dcde1bd43d289826%40%3Cissues.activemq.apache.org%3E
https://lists.apache.org/thread.html/r94b5aae09c4bcff5d06cf641be17b00bd83ba7e10cad737bf16a1b8f%40%3Cgithub.beam.apache.org%3E
https://lists.apache.org/thread.html/r9d5c1b558a15d374bd5abd2d3ae3ca7e50e796a0efdcf91e9c5b4cdd%40%3Cgithub.beam.apache.org%3E
https://lists.apache.org/thread.html/ra38785cfc0e7f17f8e24bebf775dd032c033fadcaea29e5bc9fffc60%40%3Cdev.tika.apache.org%3E
https://lists.apache.org/thread.html/ra9a682bc0a8dff1c5cefdef31c7c25f096d9121207cf2d74e2fc563d%40%3Ccommits.logging.apache.org%3E
https://lists.apache.org/thread.html/raedd12dc24412b3780432bf202a2618a21a727788543e5337a458ead%40%3Cissues.activemq.apache.org%3E
https://lists.apache.org/thread.html/rb1b29aee737e1c37fe1d48528cb0febac4f5deed51f5412e6fdfe2bf%40%3Cissues.activemq.apache.org%3E
https://lists.apache.org/thread.html/rbfa7a0742be4981a3f9356a23d0e1a5f2e1eabde32a1a3d8e41420f8%40%3Cgithub.beam.apache.org%3E
https://lists.apache.org/thread.html/rc1eaed7f7d774d5d02f66e49baced31e04827a1293d61a70bd003ca7%40%3Cdev.tika.apache.org%3E
https://lists.apache.org/thread.html/rca24a281000fb681d7e26e5c031a21eb4b0593a7735f781b53dae4e2%40%3Cdev.tika.apache.org%3E
https://lists.apache.org/thread.html/rcbb79023a7c8494cb389cd3d95420fa9e0d531ece0b780b8c1f99422%40%3Ccommits.doris.apache.org%3E
https://lists.apache.org/thread.html/rd5dbeee4808c0f2b9b51479b50de3cc6adb1072c332a200d9107f13e%40%3Cissues.activemq.apache.org%3E
https://lists.apache.org/thread.html/rdbd579dc223f06af826d7de340218ee2f80d8b43fa7e4decb2a63f44%40%3Cgithub.beam.apache.org%3E
https://lists.apache.org/thread.html/rdec0d8ac1f03e6905b0de2df1d5fcdb98b94556e4f6cccf7519fdb26%40%3Cdev.tika.apache.org%3E
https://lists.apache.org/thread.html/re8c21ed9dd218c217d242ffa90778428e446b082b5e1c29f567e8374%40%3Cissues.activemq.apache.org%3E
https://lists.apache.org/thread.html/rf1bbc0ea4a9f014cf94df9a12a6477d24a27f52741dbc87f2fd52ff2%40%3Cissues.geode.apache.org%3E
https://lists.apache.org/thread.html/rf2567488cfc9212b42e34c6393cfa1c14e30e4838b98dda84d71041f%40%3Cdev.tika.apache.org%3E
https://security.netapp.com/advisory/ntap-20180726-0002/
Third Party Advisory
https://security.netapp.com/advisory/ntap-20181107-0002/
Third Party Advisory