CVE-2021-45105
- EPSS 65.66%
- Published 18.12.2021 12:15:07
- Last modified 21.11.2024 06:31:58
Apache Log4j2 versions 2.0-alpha1 through 2.16.0 (excluding 2.12.3 and 2.3.1) did not protect from uncontrolled recursion from self-referential lookups. This allows an attacker with control over Thread Context Map data to cause a denial of service wh...
CVE-2020-9488
- EPSS 0.01%
- Published 27.04.2020 16:15:12
- Last modified 21.11.2024 05:40:45
Improper validation of certificate with host mismatch in Apache Log4j SMTP appender. This could allow an SMTPS connection to be intercepted by a man-in-the-middle attack which could leak any log messages sent through that appender. Fixed in Apache Lo...
CVE-2017-5645
- EPSS 94.01%
- Published 17.04.2017 21:59:00
- Last modified 20.04.2025 01:37:25
In Apache Log4j 2.x before 2.8.2, when using the TCP socket server or UDP socket server to receive serialized log events from another application, a specially crafted binary payload can be sent that, when deserialized, can execute arbitrary code.