Vulnerability CVE-2017-5645

Published: 2017-04-17   Modified: 2017-04-18

In Apache Log4j 2.x before 2.8.2, when using the TCP socket server or UDP socket server to receive serialized log events from another application, a specially crafted binary payload can be sent that, when deserialized, can execute arbitrary code.

See advisories in our WLB2 database:
Apache Log4j socket receiver deserialization vulnerability



(Deserialization of Untrusted Data)

CVSS2 => (AV:N/AC:L/Au:N/C:P/I:P/A:P)

CVSS Base Score
Impact Subscore
Exploitability Subscore
Exploit range
Attack complexity
No required
Confidentiality impact
Integrity impact
Availability impact
Affected software
Redhat -> Enterprise linux 
Redhat -> Enterprise linux desktop 
Redhat -> Enterprise linux server 
Redhat -> Enterprise linux server aus 
Redhat -> Enterprise linux server eus 
Redhat -> Enterprise linux server tus 
Redhat -> Enterprise linux workstation 
Oracle -> Configuration manager 
Oracle -> Identity management suite 
Oracle -> Soa suite 
Oracle -> Enterprise data quality 
Oracle -> Insurance calculation engine 
Oracle -> Tape library acsls 
Oracle -> Enterprise manager base platform 
Oracle -> Insurance policy administration 
Oracle -> Utilities work and asset management 
Oracle -> Enterprise manager for fusion middleware 
Oracle -> Insurance rules palette 
Oracle -> Enterprise manager for mysql database 
Oracle -> Jd edwards enterpriseone tools 
Oracle -> Enterprise manager for oracle database 
Oracle -> Jdeveloper 
Oracle -> Enterprise manager for peoplesoft 
Oracle -> Peoplesoft enterprise fin install 
Oracle -> Financial services analytical applications infrastructure 
Oracle -> Policy automation 
Oracle -> Api gateway 
Oracle -> Financial services behavior detection platform 
Oracle -> Policy automation connector for siebel 
Oracle -> Autovue vuelink integration 
Oracle -> Financial services hedge management and ifrs valuations 
Oracle -> Policy automation for mobile devices 
Oracle -> Banking platform 
Oracle -> Financial services loan loss forecasting and provisioning 
Oracle -> Retail clearance optimization engine 
Oracle -> Communications messaging server 
Oracle -> Bi publisher 
Oracle -> Financial services profitability management 
Oracle -> Retail extract transform and load 
Oracle -> Mysql enterprise monitor 
Oracle -> Communications converged application server - service controller 
Oracle -> Flexcube investor servicing 
Oracle -> Retail integration bus 
Oracle -> Communications online mediation controller 
Oracle -> Fusion middleware mapviewer 
Oracle -> Retail open commerce platform 
Oracle -> Communications pricing design center 
Oracle -> Goldengate application adapters 
Oracle -> Retail predictive application server 
Oracle -> Communications service broker 
Oracle -> Identity analytics 
Oracle -> Siebel ui framework 
Netapp -> Oncommand api services 
Netapp -> Oncommand insight 
Netapp -> Oncommand workflow automation 
Netapp -> Service level manager 
Netapp -> Snapcenter 
Netapp -> Storage automation store 
Apache -> Log4j 

