PT-2017-4052 · Apache · Apache Log4J

Published 2017-04-17 · Updated 2022-06-15 · CVE-2017-5645

CVSS v2.0 10.0 Critical
Vector AV:N/AC:L/Au:N/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions Apache Log4j 2.x versions prior to 2.8.2
Description The issue is caused by unrestricted deserialization of log events in Apache Log4j 2. When the TCP socket server or UDP socket server (TcpSocketServer / UdpSocketServer) is used to receive serialized log events from another application, the received bytes are handed to Java deserialization without limiting which classes may be instantiated. A remote attacker who can reach the listening port can send a specially crafted serialized payload that executes arbitrary code while it is being deserialized, with the privileges of the process running the socket server. Only the receiving side is affected; an application that merely sends events with a SocketAppender does not deserialize anything.
Recommendations Update to Log4j 2.8.2 or later, where the socket servers restrict deserialization to the classes a log event legitimately needs. If updating is not immediately possible, stop the TCP and UDP socket servers, or restrict network access to their listening ports to trusted senders only (firewall rules or a private interface), since any host that can connect can deliver the payload.
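The following added example (not code from Log4j or from this advisory) shows the unsafe receive pattern described above next to a class-allowlisting replacement of the kind the 2.8.2 fix introduced: a subclass of ObjectInputStream that rejects any class descriptor outside an allowlist before the class is loaded. The port, the class name LogEventReceiver and the three allowed prefixes are assumptions for illustration and are not the list Log4j ships.

```java
import java.io.IOException;
import java.io.InputStream;
import java.io.InvalidClassException;
import java.io.ObjectInputStream;
import java.io.ObjectStreamClass;
import java.net.ServerSocket;
import java.net.Socket;
import java.util.Arrays;
import java.util.List;

/**
 * Receiver for serialized log events: the vulnerable pattern beside a
 * class-allowlisting replacement. Port, class name and allowlist are
 * assumptions made for this example, not values taken from Log4j.
 */
public class LogEventReceiver {

    /** Assumed listening port for this example. */
    static final int PORT = 4560;

    /**
     * Vulnerable: a plain ObjectInputStream instantiates whatever class names
     * the remote peer placed in the stream. Constructors, readObject() and
     * readResolve() hooks of those classes run inside readObject(), before
     * the caller can inspect the result.
     */
    static Object receiveUnfiltered(InputStream in) throws IOException, ClassNotFoundException {
        ObjectInputStream ois = new ObjectInputStream(in);
        return ois.readObject();
    }

    /** Class-name prefixes a log event may reference (assumed for illustration). */
    static final List<String> ALLOWED_PREFIXES = Arrays.asList(
            "org.apache.logging.log4j.",
            "java.lang.",
            "java.util.");

    /** ObjectInputStream that refuses to resolve any class outside the allowlist. */
    static final class AllowlistObjectInputStream extends ObjectInputStream {
        AllowlistObjectInputStream(InputStream in) throws IOException {
            super(in);
        }

        @Override
        protected Class<?> resolveClass(ObjectStreamClass desc)
                throws IOException, ClassNotFoundException {
            String name = desc.getName();
            if (!isAllowed(name)) {
                // Thrown before the class is loaded or any instance is created.
                throw new InvalidClassException(name, "class not permitted in serialized log events");
            }
            return super.resolveClass(desc);
        }
    }

    /** Strip array prefixes ("[[Lfoo.Bar;" -> "foo.Bar") and apply the allowlist. */
    static boolean isAllowed(String name) {
        String n = name;
        boolean isArray = n.startsWith("[");
        while (n.startsWith("[")) {
            n = n.substring(1);
        }
        if (isArray) {
            if (n.length() == 1) {
                return true;          // primitive element code, e.g. "[I" for int[]
            }
            if (n.startsWith("L") && n.endsWith(";")) {
                n = n.substring(1, n.length() - 1);
            } else {
                return false;         // malformed array descriptor
            }
        }
        for (String prefix : ALLOWED_PREFIXES) {
            if (n.startsWith(prefix)) {
                return true;
            }
        }
        return false;
    }

    /** Hardened receive: deserialization fails on the first disallowed class. */
    static Object receiveFiltered(InputStream in) throws IOException, ClassNotFoundException {
        ObjectInputStream ois = new AllowlistObjectInputStream(in);
        return ois.readObject();
    }

    public static void main(String[] args) throws Exception {
        try (ServerSocket server = new ServerSocket(PORT)) {
            while (true) {
                try (Socket client = server.accept()) {
                    Object event = receiveFiltered(client.getInputStream());
                    System.out.println("accepted event of type " + event.getClass().getName());
                } catch (InvalidClassException e) {
                    System.err.println("rejected payload: " + e.getMessage());
                }
            }
        }
    }
}
```

The allowlist is checked in resolveClass, which the stream calls for every class descriptor before loading the class, so a payload naming a class outside the list is rejected without any of its code running. On JDK 9 and later (and 8u121 and later) the same effect can be obtained with ObjectInputFilter via setObjectInputFilter instead of subclassing; whichever mechanism is used, the list should be kept as narrow as the event format allows rather than accepting whole package trees.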

Weakness Enumeration

Deserialization of Untrusted Data (CWE-502)

Related Identifiers

BDU:2021-01051
CESA-2017_2423
CVE-2017-5645
ELSA-2017-2423
ELSA-2022-9419
GHSA-FXPH-Q3J8-MV87
OPENSUSE-SU-2024:11026-1
RHSA-2017:1417
RHSA-2017:1801
RHSA-2017:2423
RHSA-2017:2635
RHSA-2017:2636
RHSA-2017:2637
RHSA-2017:2638
RHSA-2017:2808
RHSA-2017:2809
RHSA-2017:2811
RHSA-2017:3399
RHSA-2017_2423
RHSA-2022_5053

Affected Products

Apache Log4J
Centos
Red Hat