Vulnerability CVE-2017-5645


Published: 2017-04-17

Description:
In Apache Log4j 2.x before 2.8.2, when using the TCP socket server or UDP socket server to receive serialized log events from another application, a specially crafted binary payload can be sent that, when deserialized, can execute arbitrary code.

See advisories in our WLB2 database:
Risk: Med.
Topic: Apache Log4j socket receiver deserialization vulnerability
Author: Telstra
Date: 18.04.2017

Type: CWE-502 (Deserialization of Untrusted Data)

Vendor: Oracle
Product: Jd edwards enterpriseone tools 
Version: 9.2;
Product: Peoplesoft enterprise fin install 
Version: 9.2;
Product: Tape library acsls 
Version: 8.4;
Product: Financial services analytical applications infrastructure 
Version:
8.0.5.0.0
8.0.4.0.0
8.0.3.0.0
8.0.2.0.0
8.0.1.0.0
8.0.0.0.0
See more versions on NVD
Product: Financial services profitability management 
Version:
8.0.5.0.0
8.0.4.0.0
8.0.3.0.0
8.0.2.0.0
8.0.1.0.0
8.0.0.0.0
6.1.1
See more versions on NVD
Product: Financial services hedge management and ifrs valuations 
Version: 8.0.5; 8.0.4;
Product: Financial services loan loss forecasting and provisioning 
Version: 8.0.5; 8.0.4;
Product: Communications messaging server 
Version:
8.0
7.0.5
7.0
6.3
See more versions on NVD
Product: Financial services behavior detection platform 
Version: 6.1.1;
Product: Communications online mediation controller 
Version: 6.1;
Product: Communications converged application server - service controller 
Version: 6.1;
Product: Retail open commerce platform 
Version:
6.0.1
6.0.0
5.3.0
See more versions on NVD
Product: Communications service broker 
Version: 6.0;
Product: Mysql enterprise monitor 
Version: 3.4.2.4181;
Product: Autovue vuelink integration 
Version: 21.0.1; 21.0.0;
Product: Banking platform 
Version:
2.6.2
2.6.1
2.6.0
See more versions on NVD
Product: Siebel ui framework 
Version:
18.9
18.8
18.7
See more versions on NVD
Product: Retail integration bus 
Version:
16.0
15.0
14.1.0
14.0.0
See more versions on NVD
Product: Retail predictive application server 
Version: 15.0.3;
Product: Retail clearance optimization engine 
Version: 14.0.5;
Product: Flexcube investor servicing 
Version:
14.0.0
12.4.0
12.3.0
See more versions on NVD
Product: Enterprise manager for mysql database 
Version: 13.2.2.0.0;
Product: Enterprise manager for oracle database 
Version: 13.2.2;
Product: Enterprise manager for peoplesoft 
Version: 13.2.1.1; 13.1.1.1;
Product: Enterprise manager base platform 
Version: 13.2.0.0;
Product: Enterprise manager for fusion middleware 
Version: 13.2.0.0;
Product: Retail extract transform and load 
Version:
13.2
13.1
13.0
See more versions on NVD
Product: Goldengate application adapters 
Version: 12.3.2.1.1;
Product: Policy automation for mobile devices 
Version:
12.2.9
12.2.8
12.2.7
12.2.6
See more versions on NVD
Product: Policy automation 
Version:
12.2.9
12.2.8
12.2.7
12.2.6
12.2.5
See more versions on NVD
Vendor: Redhat
Product: Enterprise linux 
Version:
7.6
7.5
7.4
7.3
7.0
6.7
6.0
See more versions on NVD
Product: Enterprise linux server eus 
Version:
7.6
7.5
7.4
See more versions on NVD
Product: Enterprise linux server tus 
Version: 7.6; 7.4;
Product: Enterprise linux server aus 
Version: 7.6; 7.4;
Product: Enterprise linux workstation 
Version: 7.0;
Product: Enterprise linux server 
Version: 7.0;
Product: Enterprise linux desktop 
Version: 7.0;
Vendor: Apache
Product: Log4j 
Version:
2.8.1
2.8
2.7
2.6.2
2.6.1
2.6
2.5
2.4.1
2.4
2.3
2.2
2.1
2.0.2
2.0.1
2.0
See more versions on NVD

CVSS2 => (AV:N/AC:L/Au:N/C:P/I:P/A:P)

CVSS Base Score: 7.5/10
Impact Subscore: 6.4/10
Exploitability Subscore: 10/10
Exploit range: Remote
Attack complexity: Low
Authentication: Not required
Confidentiality impact: Partial
Integrity impact: Partial
Availability impact: Partial

References:
http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html
http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html
http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html
http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html
http://www.securityfocus.com/bid/97702
http://www.securitytracker.com/id/1040200
http://www.securitytracker.com/id/1041294
https://access.redhat.com/errata/RHSA-2017:1417
https://access.redhat.com/errata/RHSA-2017:1801
https://access.redhat.com/errata/RHSA-2017:1802
https://access.redhat.com/errata/RHSA-2017:2423
https://access.redhat.com/errata/RHSA-2017:2633
https://access.redhat.com/errata/RHSA-2017:2635
https://access.redhat.com/errata/RHSA-2017:2636
https://access.redhat.com/errata/RHSA-2017:2637
https://access.redhat.com/errata/RHSA-2017:2638
https://access.redhat.com/errata/RHSA-2017:2808
https://access.redhat.com/errata/RHSA-2017:2809
https://access.redhat.com/errata/RHSA-2017:2810
https://access.redhat.com/errata/RHSA-2017:2811
https://access.redhat.com/errata/RHSA-2017:2888
https://access.redhat.com/errata/RHSA-2017:2889
https://access.redhat.com/errata/RHSA-2017:3244
https://access.redhat.com/errata/RHSA-2017:3399
https://access.redhat.com/errata/RHSA-2017:3400
https://access.redhat.com/errata/RHSA-2019:1545
https://issues.apache.org/jira/browse/LOG4J2-1863
https://security.netapp.com/advisory/ntap-20180726-0002/
https://security.netapp.com/advisory/ntap-20181107-0002/
https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html
https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html

Related CVE
CVE-2019-10071
The code which checks HMAC in form submissions used String.equals() for comparisons, which results in a timing side channel for the comparison of the HMAC signatures. This could lead to remote code execution if an attacker is able to determine the co...
CVE-2019-0207
Tapestry processes assets `/assets/ctx` using classes chain `StaticFilesFilter -> AssetDispatcher -> ContextResource`, which doesn't filter the character `\`, so attacker can perform a path traversal attack to read any files on Windows platform.
CVE-2019-0195
Manipulating classpath asset file URLs, an attacker could guess the path to a known file in the classpath and have it downloaded. If the attacker found the file with the value of the tapestry.hmac-passphrase configuration symbol, most probably the we...
CVE-2019-10074
An RCE is possible by entering Freemarker markup in an Apache OFBiz Form Widget textarea field when encoding has been disabled on such a field. This was the case for the Customer Request "story" input in the Order Manager application. Encoding should...
CVE-2019-10073
The "Blog", "Forum", "Contact Us" screens of the template "ecommerce" application bundled in Apache OFBiz are weak to Stored XSS attacks. Mitigation: Upgrade to 16.11.06 or manually apply the following commits on branch 16.11: 1858438, 1858543, 18605...
CVE-2019-0189
The java.io.ObjectInputStream is known to cause Java serialisation issues. This issue here is exposed by the "webtools/control/httpService" URL, and uses Java deserialization to perform code execution. In the HttpEngine, the value of the request para...
CVE-2018-17200
The Apache OFBiz HTTP engine (org.apache.ofbiz.service.engine.HttpEngine.java) handles requests for HTTP services via the /webtools/control/httpService endpoint. This service takes the `serviceContent` parameter in the request and deserializes it usi...
CVE-2019-12401
Solr versions 1.3.0 to 1.4.1, 3.1.0 to 3.6.2 and 4.0.0 to 4.10.4 are vulnerable to an XML resource consumption attack (a.k.a. Lol Bomb) via it's update handler. By leveraging XML DOCTYPE and ENTITY type elements, the attacker can create a pattern tha...

Copyright 2019, cxsecurity.com

 
