ID CVE-2017-5645
Summary In Apache Log4j 2.x before 2.8.2, when using the TCP socket server or UDP socket server to receive serialized log events from another application, a specially crafted binary payload can be sent that, when deserialized, can execute arbitrary code.
References
Vulnerable Configurations
  • cpe:2.3:a:apache:log4j:2.0:alpha1:*:*:*:*:*:*
    cpe:2.3:a:apache:log4j:2.0:alpha1:*:*:*:*:*:*
  • cpe:2.3:a:apache:log4j:2.0:alpha2:*:*:*:*:*:*
    cpe:2.3:a:apache:log4j:2.0:alpha2:*:*:*:*:*:*
  • cpe:2.3:a:apache:log4j:2.0:beta1:*:*:*:*:*:*
    cpe:2.3:a:apache:log4j:2.0:beta1:*:*:*:*:*:*
  • cpe:2.3:a:apache:log4j:2.0:beta2:*:*:*:*:*:*
    cpe:2.3:a:apache:log4j:2.0:beta2:*:*:*:*:*:*
  • cpe:2.3:a:apache:log4j:2.0:beta3:*:*:*:*:*:*
    cpe:2.3:a:apache:log4j:2.0:beta3:*:*:*:*:*:*
  • cpe:2.3:a:apache:log4j:2.0:beta4:*:*:*:*:*:*
    cpe:2.3:a:apache:log4j:2.0:beta4:*:*:*:*:*:*
  • cpe:2.3:a:apache:log4j:2.0:beta5:*:*:*:*:*:*
    cpe:2.3:a:apache:log4j:2.0:beta5:*:*:*:*:*:*
  • cpe:2.3:a:apache:log4j:2.0:beta6:*:*:*:*:*:*
    cpe:2.3:a:apache:log4j:2.0:beta6:*:*:*:*:*:*
  • cpe:2.3:a:apache:log4j:2.0:beta7:*:*:*:*:*:*
    cpe:2.3:a:apache:log4j:2.0:beta7:*:*:*:*:*:*
  • cpe:2.3:a:apache:log4j:2.0:beta8:*:*:*:*:*:*
    cpe:2.3:a:apache:log4j:2.0:beta8:*:*:*:*:*:*
  • cpe:2.3:a:apache:log4j:2.0:beta9:*:*:*:*:*:*
    cpe:2.3:a:apache:log4j:2.0:beta9:*:*:*:*:*:*
  • cpe:2.3:a:apache:log4j:2.0:rc1:*:*:*:*:*:*
    cpe:2.3:a:apache:log4j:2.0:rc1:*:*:*:*:*:*
  • cpe:2.3:a:apache:log4j:2.0:rc2:*:*:*:*:*:*
    cpe:2.3:a:apache:log4j:2.0:rc2:*:*:*:*:*:*
  • cpe:2.3:a:apache:log4j:2.0.1:*:*:*:*:*:*:*
    cpe:2.3:a:apache:log4j:2.0.1:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:log4j:2.0.2:*:*:*:*:*:*:*
    cpe:2.3:a:apache:log4j:2.0.2:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:log4j:2.1:*:*:*:*:*:*:*
    cpe:2.3:a:apache:log4j:2.1:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:log4j:2.2:*:*:*:*:*:*:*
    cpe:2.3:a:apache:log4j:2.2:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:log4j:2.3:*:*:*:*:*:*:*
    cpe:2.3:a:apache:log4j:2.3:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:log4j:2.4:*:*:*:*:*:*:*
    cpe:2.3:a:apache:log4j:2.4:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:log4j:2.4.1:*:*:*:*:*:*:*
    cpe:2.3:a:apache:log4j:2.4.1:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:log4j:2.5:*:*:*:*:*:*:*
    cpe:2.3:a:apache:log4j:2.5:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:log4j:2.6:*:*:*:*:*:*:*
    cpe:2.3:a:apache:log4j:2.6:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:log4j:2.6.1:*:*:*:*:*:*:*
    cpe:2.3:a:apache:log4j:2.6.1:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:log4j:2.6.2:*:*:*:*:*:*:*
    cpe:2.3:a:apache:log4j:2.6.2:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:log4j:2.7:*:*:*:*:*:*:*
    cpe:2.3:a:apache:log4j:2.7:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:log4j:2.8:*:*:*:*:*:*:*
    cpe:2.3:a:apache:log4j:2.8:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:log4j:2.8.1:*:*:*:*:*:*:*
    cpe:2.3:a:apache:log4j:2.8.1:*:*:*:*:*:*:*
  • cpe:2.3:a:netapp:oncommand_api_services:-:*:*:*:*:*:*:*
    cpe:2.3:a:netapp:oncommand_api_services:-:*:*:*:*:*:*:*
  • cpe:2.3:a:netapp:oncommand_insight:-:*:*:*:*:*:*:*
    cpe:2.3:a:netapp:oncommand_insight:-:*:*:*:*:*:*:*
  • cpe:2.3:a:netapp:oncommand_workflow_automation:-:*:*:*:*:*:*:*
    cpe:2.3:a:netapp:oncommand_workflow_automation:-:*:*:*:*:*:*:*
  • cpe:2.3:a:netapp:service_level_manager:-:*:*:*:*:*:*:*
    cpe:2.3:a:netapp:service_level_manager:-:*:*:*:*:*:*:*
  • cpe:2.3:a:netapp:snapcenter:-:*:*:*:*:*:*:*
    cpe:2.3:a:netapp:snapcenter:-:*:*:*:*:*:*:*
  • cpe:2.3:a:netapp:storage_automation_store:-:*:*:*:*:*:*:*
    cpe:2.3:a:netapp:storage_automation_store:-:*:*:*:*:*:*:*
  • cpe:2.3:o:redhat:enterprise_linux:6.0:*:*:*:*:*:*:*
    cpe:2.3:o:redhat:enterprise_linux:6.0:*:*:*:*:*:*:*
  • cpe:2.3:o:redhat:enterprise_linux:6.7:*:*:*:*:*:*:*
    cpe:2.3:o:redhat:enterprise_linux:6.7:*:*:*:*:*:*:*
  • cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*
    cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*
  • cpe:2.3:o:redhat:enterprise_linux:7.3:*:*:*:*:*:*:*
    cpe:2.3:o:redhat:enterprise_linux:7.3:*:*:*:*:*:*:*
  • cpe:2.3:o:redhat:enterprise_linux:7.4:*:*:*:*:*:*:*
    cpe:2.3:o:redhat:enterprise_linux:7.4:*:*:*:*:*:*:*
  • cpe:2.3:o:redhat:enterprise_linux:7.5:*:*:*:*:*:*:*
    cpe:2.3:o:redhat:enterprise_linux:7.5:*:*:*:*:*:*:*
  • cpe:2.3:o:redhat:enterprise_linux:7.6:*:*:*:*:*:*:*
    cpe:2.3:o:redhat:enterprise_linux:7.6:*:*:*:*:*:*:*
  • cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*
    cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*
  • cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*
    cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*
  • cpe:2.3:o:redhat:enterprise_linux_server_aus:7.4:*:*:*:*:*:*:*
    cpe:2.3:o:redhat:enterprise_linux_server_aus:7.4:*:*:*:*:*:*:*
  • cpe:2.3:o:redhat:enterprise_linux_server_aus:7.6:*:*:*:*:*:*:*
    cpe:2.3:o:redhat:enterprise_linux_server_aus:7.6:*:*:*:*:*:*:*
  • cpe:2.3:o:redhat:enterprise_linux_server_eus:7.4:*:*:*:*:*:*:*
    cpe:2.3:o:redhat:enterprise_linux_server_eus:7.4:*:*:*:*:*:*:*
  • cpe:2.3:o:redhat:enterprise_linux_server_eus:7.5:*:*:*:*:*:*:*
    cpe:2.3:o:redhat:enterprise_linux_server_eus:7.5:*:*:*:*:*:*:*
  • cpe:2.3:o:redhat:enterprise_linux_server_eus:7.6:*:*:*:*:*:*:*
    cpe:2.3:o:redhat:enterprise_linux_server_eus:7.6:*:*:*:*:*:*:*
  • cpe:2.3:o:redhat:enterprise_linux_server_tus:7.4:*:*:*:*:*:*:*
    cpe:2.3:o:redhat:enterprise_linux_server_tus:7.4:*:*:*:*:*:*:*
  • cpe:2.3:o:redhat:enterprise_linux_server_tus:7.6:*:*:*:*:*:*:*
    cpe:2.3:o:redhat:enterprise_linux_server_tus:7.6:*:*:*:*:*:*:*
  • cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*
    cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:api_gateway:11.1.2.4.0:*:*:*:*:*:*:*
    cpe:2.3:a:oracle:api_gateway:11.1.2.4.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:autovue_vuelink_integration:21.0.0:*:*:*:*:*:*:*
    cpe:2.3:a:oracle:autovue_vuelink_integration:21.0.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:autovue_vuelink_integration:21.0.1:*:*:*:*:*:*:*
    cpe:2.3:a:oracle:autovue_vuelink_integration:21.0.1:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:banking_platform:2.6.0:*:*:*:*:*:*:*
    cpe:2.3:a:oracle:banking_platform:2.6.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:banking_platform:2.6.1:*:*:*:*:*:*:*
    cpe:2.3:a:oracle:banking_platform:2.6.1:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:banking_platform:2.6.2:*:*:*:*:*:*:*
    cpe:2.3:a:oracle:banking_platform:2.6.2:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:bi_publisher:11.1.1.7.0:*:*:*:*:*:*:*
    cpe:2.3:a:oracle:bi_publisher:11.1.1.7.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:bi_publisher:11.1.1.9.0:*:*:*:*:*:*:*
    cpe:2.3:a:oracle:bi_publisher:11.1.1.9.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:bi_publisher:12.2.1.3.0:*:*:*:*:*:*:*
    cpe:2.3:a:oracle:bi_publisher:12.2.1.3.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:bi_publisher:12.2.1.4.0:*:*:*:*:*:*:*
    cpe:2.3:a:oracle:bi_publisher:12.2.1.4.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:communications_converged_application_server_-_service_controller:6.1:*:*:*:*:*:*:*
    cpe:2.3:a:oracle:communications_converged_application_server_-_service_controller:6.1:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:communications_messaging_server:6.3:*:*:*:*:*:*:*
    cpe:2.3:a:oracle:communications_messaging_server:6.3:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:communications_messaging_server:7.0:*:*:*:*:*:*:*
    cpe:2.3:a:oracle:communications_messaging_server:7.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:communications_messaging_server:7.0.5:*:*:*:*:*:*:*
    cpe:2.3:a:oracle:communications_messaging_server:7.0.5:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:communications_messaging_server:8.0:*:*:*:*:*:*:*
    cpe:2.3:a:oracle:communications_messaging_server:8.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:communications_online_mediation_controller:6.1:*:*:*:*:*:*:*
    cpe:2.3:a:oracle:communications_online_mediation_controller:6.1:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:communications_pricing_design_center:11.1:*:*:*:*:*:*:*
    cpe:2.3:a:oracle:communications_pricing_design_center:11.1:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:communications_pricing_design_center:12.0:*:*:*:*:*:*:*
    cpe:2.3:a:oracle:communications_pricing_design_center:12.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:communications_service_broker:6.0:*:*:*:*:*:*:*
    cpe:2.3:a:oracle:communications_service_broker:6.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:communications_webrtc_session_controller:*:*:*:*:*:*:*:*
    cpe:2.3:a:oracle:communications_webrtc_session_controller:*:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:configuration_manager:12.1.2.0.2:*:*:*:*:*:*:*
    cpe:2.3:a:oracle:configuration_manager:12.1.2.0.2:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:configuration_manager:12.1.2.0.5:*:*:*:*:*:*:*
    cpe:2.3:a:oracle:configuration_manager:12.1.2.0.5:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:enterprise_data_quality:12.2.1.3.0:*:*:*:*:*:*:*
    cpe:2.3:a:oracle:enterprise_data_quality:12.2.1.3.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:enterprise_manager_base_platform:12.1.0.5:*:*:*:*:*:*:*
    cpe:2.3:a:oracle:enterprise_manager_base_platform:12.1.0.5:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:enterprise_manager_base_platform:13.2.0.0:*:*:*:*:*:*:*
    cpe:2.3:a:oracle:enterprise_manager_base_platform:13.2.0.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:enterprise_manager_for_fusion_middleware:12.1.0.5:*:*:*:*:*:*:*
    cpe:2.3:a:oracle:enterprise_manager_for_fusion_middleware:12.1.0.5:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:enterprise_manager_for_fusion_middleware:13.2.0.0:*:*:*:*:*:*:*
    cpe:2.3:a:oracle:enterprise_manager_for_fusion_middleware:13.2.0.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:enterprise_manager_for_mysql_database:*:*:*:*:*:*:*:*
    cpe:2.3:a:oracle:enterprise_manager_for_mysql_database:*:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:enterprise_manager_for_oracle_database:12.1.0.8:*:*:*:*:*:*:*
    cpe:2.3:a:oracle:enterprise_manager_for_oracle_database:12.1.0.8:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:enterprise_manager_for_oracle_database:13.2.2:*:*:*:*:*:*:*
    cpe:2.3:a:oracle:enterprise_manager_for_oracle_database:13.2.2:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:enterprise_manager_for_peoplesoft:13.1.1.1:*:*:*:*:*:*:*
    cpe:2.3:a:oracle:enterprise_manager_for_peoplesoft:13.1.1.1:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:enterprise_manager_for_peoplesoft:13.2.1.1:*:*:*:*:*:*:*
    cpe:2.3:a:oracle:enterprise_manager_for_peoplesoft:13.2.1.1:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:financial_services_analytical_applications_infrastructure:*:*:*:*:*:*:*:*
    cpe:2.3:a:oracle:financial_services_analytical_applications_infrastructure:*:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:financial_services_analytical_applications_infrastructure:8.0.0.0.0:*:*:*:*:*:*:*
    cpe:2.3:a:oracle:financial_services_analytical_applications_infrastructure:8.0.0.0.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:financial_services_analytical_applications_infrastructure:8.0.1.0.0:*:*:*:*:*:*:*
    cpe:2.3:a:oracle:financial_services_analytical_applications_infrastructure:8.0.1.0.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:financial_services_analytical_applications_infrastructure:8.0.2.0.0:*:*:*:*:*:*:*
    cpe:2.3:a:oracle:financial_services_analytical_applications_infrastructure:8.0.2.0.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:financial_services_analytical_applications_infrastructure:8.0.3.0.0:*:*:*:*:*:*:*
    cpe:2.3:a:oracle:financial_services_analytical_applications_infrastructure:8.0.3.0.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:financial_services_analytical_applications_infrastructure:8.0.4.0.0:*:*:*:*:*:*:*
    cpe:2.3:a:oracle:financial_services_analytical_applications_infrastructure:8.0.4.0.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:financial_services_analytical_applications_infrastructure:8.0.5.0.0:*:*:*:*:*:*:*
    cpe:2.3:a:oracle:financial_services_analytical_applications_infrastructure:8.0.5.0.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:financial_services_behavior_detection_platform:6.1.1:*:*:*:*:*:*:*
    cpe:2.3:a:oracle:financial_services_behavior_detection_platform:6.1.1:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:financial_services_behavior_detection_platform:*:*:*:*:*:*:*:*
    cpe:2.3:a:oracle:financial_services_behavior_detection_platform:*:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:financial_services_hedge_management_and_ifrs_valuations:8.0.4:*:*:*:*:*:*:*
    cpe:2.3:a:oracle:financial_services_hedge_management_and_ifrs_valuations:8.0.4:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:financial_services_hedge_management_and_ifrs_valuations:8.0.5:*:*:*:*:*:*:*
    cpe:2.3:a:oracle:financial_services_hedge_management_and_ifrs_valuations:8.0.5:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:financial_services_loan_loss_forecasting_and_provisioning:8.0.4:*:*:*:*:*:*:*
    cpe:2.3:a:oracle:financial_services_loan_loss_forecasting_and_provisioning:8.0.4:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:financial_services_loan_loss_forecasting_and_provisioning:8.0.5:*:*:*:*:*:*:*
    cpe:2.3:a:oracle:financial_services_loan_loss_forecasting_and_provisioning:8.0.5:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:financial_services_profitability_management:6.1.1:*:*:*:*:*:*:*
    cpe:2.3:a:oracle:financial_services_profitability_management:6.1.1:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:financial_services_profitability_management:8.0.0.0.0:*:*:*:*:*:*:*
    cpe:2.3:a:oracle:financial_services_profitability_management:8.0.0.0.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:financial_services_profitability_management:8.0.1.0.0:*:*:*:*:*:*:*
    cpe:2.3:a:oracle:financial_services_profitability_management:8.0.1.0.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:financial_services_profitability_management:8.0.2.0.0:*:*:*:*:*:*:*
    cpe:2.3:a:oracle:financial_services_profitability_management:8.0.2.0.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:financial_services_profitability_management:8.0.3.0.0:*:*:*:*:*:*:*
    cpe:2.3:a:oracle:financial_services_profitability_management:8.0.3.0.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:financial_services_profitability_management:8.0.4.0.0:*:*:*:*:*:*:*
    cpe:2.3:a:oracle:financial_services_profitability_management:8.0.4.0.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:financial_services_profitability_management:8.0.5.0.0:*:*:*:*:*:*:*
    cpe:2.3:a:oracle:financial_services_profitability_management:8.0.5.0.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:flexcube_investor_servicing:12.0.4:*:*:*:*:*:*:*
    cpe:2.3:a:oracle:flexcube_investor_servicing:12.0.4:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:flexcube_investor_servicing:12.1.0:*:*:*:*:*:*:*
    cpe:2.3:a:oracle:flexcube_investor_servicing:12.1.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:flexcube_investor_servicing:12.3.0:*:*:*:*:*:*:*
    cpe:2.3:a:oracle:flexcube_investor_servicing:12.3.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:flexcube_investor_servicing:12.4.0:*:*:*:*:*:*:*
    cpe:2.3:a:oracle:flexcube_investor_servicing:12.4.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:flexcube_investor_servicing:14.0.0:*:*:*:*:*:*:*
    cpe:2.3:a:oracle:flexcube_investor_servicing:14.0.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:fusion_middleware_mapviewer:12.2.1.2:*:*:*:*:*:*:*
    cpe:2.3:a:oracle:fusion_middleware_mapviewer:12.2.1.2:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:fusion_middleware_mapviewer:12.2.1.3:*:*:*:*:*:*:*
    cpe:2.3:a:oracle:fusion_middleware_mapviewer:12.2.1.3:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:goldengate_application_adapters:12.3.2.1.1:*:*:*:*:*:*:*
    cpe:2.3:a:oracle:goldengate_application_adapters:12.3.2.1.1:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:identity_analytics:11.1.1.5.8:*:*:*:*:*:*:*
    cpe:2.3:a:oracle:identity_analytics:11.1.1.5.8:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:identity_management_suite:11.1.2.3.0:*:*:*:*:*:*:*
    cpe:2.3:a:oracle:identity_management_suite:11.1.2.3.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:identity_management_suite:12.2.1.3.0:*:*:*:*:*:*:*
    cpe:2.3:a:oracle:identity_management_suite:12.2.1.3.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:insurance_calculation_engine:10.1.1:*:*:*:*:*:*:*
    cpe:2.3:a:oracle:insurance_calculation_engine:10.1.1:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:insurance_calculation_engine:10.2.1:*:*:*:*:*:*:*
    cpe:2.3:a:oracle:insurance_calculation_engine:10.2.1:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:insurance_policy_administration:10.0:*:*:*:*:*:*:*
    cpe:2.3:a:oracle:insurance_policy_administration:10.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:insurance_policy_administration:10.1:*:*:*:*:*:*:*
    cpe:2.3:a:oracle:insurance_policy_administration:10.1:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:insurance_policy_administration:10.2:*:*:*:*:*:*:*
    cpe:2.3:a:oracle:insurance_policy_administration:10.2:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:insurance_policy_administration:11.0:*:*:*:*:*:*:*
    cpe:2.3:a:oracle:insurance_policy_administration:11.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:insurance_rules_palette:10.0:*:*:*:*:*:*:*
    cpe:2.3:a:oracle:insurance_rules_palette:10.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:insurance_rules_palette:10.1:*:*:*:*:*:*:*
    cpe:2.3:a:oracle:insurance_rules_palette:10.1:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:insurance_rules_palette:10.2:*:*:*:*:*:*:*
    cpe:2.3:a:oracle:insurance_rules_palette:10.2:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:insurance_rules_palette:11.0:*:*:*:*:*:*:*
    cpe:2.3:a:oracle:insurance_rules_palette:11.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:insurance_rules_palette:11.1:*:*:*:*:*:*:*
    cpe:2.3:a:oracle:insurance_rules_palette:11.1:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:jd_edwards_enterpriseone_tools:9.2:*:*:*:*:*:*:*
    cpe:2.3:a:oracle:jd_edwards_enterpriseone_tools:9.2:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:jdeveloper:11.1.1.9.0:*:*:*:*:*:*:*
    cpe:2.3:a:oracle:jdeveloper:11.1.1.9.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:jdeveloper:12.1.3.0.0:*:*:*:*:*:*:*
    cpe:2.3:a:oracle:jdeveloper:12.1.3.0.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:jdeveloper:12.2.1.3.0:*:*:*:*:*:*:*
    cpe:2.3:a:oracle:jdeveloper:12.2.1.3.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:mysql_enterprise_monitor:3.4.1:*:*:*:*:*:*:*
    cpe:2.3:a:oracle:mysql_enterprise_monitor:3.4.1:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:mysql_enterprise_monitor:3.4.2:*:*:*:*:*:*:*
    cpe:2.3:a:oracle:mysql_enterprise_monitor:3.4.2:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:mysql_enterprise_monitor:3.4.2.4181:*:*:*:*:*:*:*
    cpe:2.3:a:oracle:mysql_enterprise_monitor:3.4.2.4181:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:mysql_enterprise_monitor:*:*:*:*:*:*:*:*
    cpe:2.3:a:oracle:mysql_enterprise_monitor:*:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:peoplesoft_enterprise_fin_install:9.2:*:*:*:*:*:*:*
    cpe:2.3:a:oracle:peoplesoft_enterprise_fin_install:9.2:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:policy_automation:10.4.7:*:*:*:*:*:*:*
    cpe:2.3:a:oracle:policy_automation:10.4.7:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:policy_automation:12.1.0:*:*:*:*:*:*:*
    cpe:2.3:a:oracle:policy_automation:12.1.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:policy_automation:12.1.1:*:*:*:*:*:*:*
    cpe:2.3:a:oracle:policy_automation:12.1.1:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:policy_automation:12.2.0:*:*:*:*:*:*:*
    cpe:2.3:a:oracle:policy_automation:12.2.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:policy_automation:12.2.1:*:*:*:*:*:*:*
    cpe:2.3:a:oracle:policy_automation:12.2.1:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:policy_automation:12.2.2:*:*:*:*:*:*:*
    cpe:2.3:a:oracle:policy_automation:12.2.2:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:policy_automation:12.2.3:*:*:*:*:*:*:*
    cpe:2.3:a:oracle:policy_automation:12.2.3:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:policy_automation:12.2.4:*:*:*:*:*:*:*
    cpe:2.3:a:oracle:policy_automation:12.2.4:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:policy_automation:12.2.5:*:*:*:*:*:*:*
    cpe:2.3:a:oracle:policy_automation:12.2.5:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:policy_automation:12.2.6:*:*:*:*:*:*:*
    cpe:2.3:a:oracle:policy_automation:12.2.6:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:policy_automation:12.2.7:*:*:*:*:*:*:*
    cpe:2.3:a:oracle:policy_automation:12.2.7:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:policy_automation:12.2.8:*:*:*:*:*:*:*
    cpe:2.3:a:oracle:policy_automation:12.2.8:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:policy_automation:12.2.9:*:*:*:*:*:*:*
    cpe:2.3:a:oracle:policy_automation:12.2.9:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:policy_automation:12.2.10:*:*:*:*:*:*:*
    cpe:2.3:a:oracle:policy_automation:12.2.10:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:policy_automation_connector_for_siebel:10.4.6:*:*:*:*:*:*:*
    cpe:2.3:a:oracle:policy_automation_connector_for_siebel:10.4.6:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:policy_automation_for_mobile_devices:10.4.7:*:*:*:*:*:*:*
    cpe:2.3:a:oracle:policy_automation_for_mobile_devices:10.4.7:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:policy_automation_for_mobile_devices:12.1.0:*:*:*:*:*:*:*
    cpe:2.3:a:oracle:policy_automation_for_mobile_devices:12.1.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:policy_automation_for_mobile_devices:12.1.1:*:*:*:*:*:*:*
    cpe:2.3:a:oracle:policy_automation_for_mobile_devices:12.1.1:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:policy_automation_for_mobile_devices:12.2.0:*:*:*:*:*:*:*
    cpe:2.3:a:oracle:policy_automation_for_mobile_devices:12.2.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:policy_automation_for_mobile_devices:12.2.1:*:*:*:*:*:*:*
    cpe:2.3:a:oracle:policy_automation_for_mobile_devices:12.2.1:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:policy_automation_for_mobile_devices:12.2.2:*:*:*:*:*:*:*
    cpe:2.3:a:oracle:policy_automation_for_mobile_devices:12.2.2:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:policy_automation_for_mobile_devices:12.2.3:*:*:*:*:*:*:*
    cpe:2.3:a:oracle:policy_automation_for_mobile_devices:12.2.3:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:policy_automation_for_mobile_devices:12.2.4:*:*:*:*:*:*:*
    cpe:2.3:a:oracle:policy_automation_for_mobile_devices:12.2.4:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:policy_automation_for_mobile_devices:12.2.5:*:*:*:*:*:*:*
    cpe:2.3:a:oracle:policy_automation_for_mobile_devices:12.2.5:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:policy_automation_for_mobile_devices:12.2.6:*:*:*:*:*:*:*
    cpe:2.3:a:oracle:policy_automation_for_mobile_devices:12.2.6:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:policy_automation_for_mobile_devices:12.2.7:*:*:*:*:*:*:*
    cpe:2.3:a:oracle:policy_automation_for_mobile_devices:12.2.7:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:policy_automation_for_mobile_devices:12.2.8:*:*:*:*:*:*:*
    cpe:2.3:a:oracle:policy_automation_for_mobile_devices:12.2.8:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:policy_automation_for_mobile_devices:12.2.9:*:*:*:*:*:*:*
    cpe:2.3:a:oracle:policy_automation_for_mobile_devices:12.2.9:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:policy_automation_for_mobile_devices:12.2.10:*:*:*:*:*:*:*
    cpe:2.3:a:oracle:policy_automation_for_mobile_devices:12.2.10:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:retail_clearance_optimization_engine:14.0.5:*:*:*:*:*:*:*
    cpe:2.3:a:oracle:retail_clearance_optimization_engine:14.0.5:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:retail_extract_transform_and_load:13.0:*:*:*:*:*:*:*
    cpe:2.3:a:oracle:retail_extract_transform_and_load:13.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:retail_extract_transform_and_load:13.1:*:*:*:*:*:*:*
    cpe:2.3:a:oracle:retail_extract_transform_and_load:13.1:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:retail_extract_transform_and_load:13.2:*:*:*:*:*:*:*
    cpe:2.3:a:oracle:retail_extract_transform_and_load:13.2:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:retail_integration_bus:14.0.0:*:*:*:*:*:*:*
    cpe:2.3:a:oracle:retail_integration_bus:14.0.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:retail_integration_bus:14.1.0:*:*:*:*:*:*:*
    cpe:2.3:a:oracle:retail_integration_bus:14.1.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:retail_integration_bus:15.0:*:*:*:*:*:*:*
    cpe:2.3:a:oracle:retail_integration_bus:15.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:retail_integration_bus:16.0:*:*:*:*:*:*:*
    cpe:2.3:a:oracle:retail_integration_bus:16.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:retail_open_commerce_platform:5.3.0:*:*:*:*:*:*:*
    cpe:2.3:a:oracle:retail_open_commerce_platform:5.3.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:retail_open_commerce_platform:6.0.0:*:*:*:*:*:*:*
    cpe:2.3:a:oracle:retail_open_commerce_platform:6.0.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:retail_open_commerce_platform:6.0.1:*:*:*:*:*:*:*
    cpe:2.3:a:oracle:retail_open_commerce_platform:6.0.1:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:retail_predictive_application_server:15.0.3:*:*:*:*:*:*:*
    cpe:2.3:a:oracle:retail_predictive_application_server:15.0.3:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:siebel_ui_framework:18.7:*:*:*:*:*:*:*
    cpe:2.3:a:oracle:siebel_ui_framework:18.7:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:siebel_ui_framework:18.8:*:*:*:*:*:*:*
    cpe:2.3:a:oracle:siebel_ui_framework:18.8:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:siebel_ui_framework:18.9:*:*:*:*:*:*:*
    cpe:2.3:a:oracle:siebel_ui_framework:18.9:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:soa_suite:12.1.3.0.0:*:*:*:*:*:*:*
    cpe:2.3:a:oracle:soa_suite:12.1.3.0.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:soa_suite:12.2.2.0.0:*:*:*:*:*:*:*
    cpe:2.3:a:oracle:soa_suite:12.2.2.0.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:tape_library_acsls:8.4:*:*:*:*:*:*:*
    cpe:2.3:a:oracle:tape_library_acsls:8.4:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:utilities_work_and_asset_management:1.9.1.2.12:*:*:*:*:*:*:*
    cpe:2.3:a:oracle:utilities_work_and_asset_management:1.9.1.2.12:*:*:*:*:*:*:*
CVSS
Base: 7.5 (as of 19-06-2019 - 00:15)
Impact:
Exploitability:
CWE CWE-502
CAPEC
Access
VectorComplexityAuthentication
NETWORK LOW NONE
Impact
ConfidentialityIntegrityAvailability
PARTIAL PARTIAL PARTIAL
cvss-vector via4 AV:N/AC:L/Au:N/C:P/I:P/A:P
redhat via4
advisories
  • bugzilla
    id 1443635
    title CVE-2017-5645 log4j: Socket receiver deserialization vulnerability
    oval
    AND
    • OR
      • comment Red Hat Enterprise Linux 7 Client is installed
        oval oval:com.redhat.rhba:tst:20150364001
      • comment Red Hat Enterprise Linux 7 Server is installed
        oval oval:com.redhat.rhba:tst:20150364002
      • comment Red Hat Enterprise Linux 7 Workstation is installed
        oval oval:com.redhat.rhba:tst:20150364003
      • comment Red Hat Enterprise Linux 7 ComputeNode is installed
        oval oval:com.redhat.rhba:tst:20150364004
    • OR
      • AND
        • comment log4j is earlier than 0:1.2.17-16.el7_4
          oval oval:com.redhat.rhsa:tst:20172423005
        • comment log4j is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20172423006
      • AND
        • comment log4j-javadoc is earlier than 0:1.2.17-16.el7_4
          oval oval:com.redhat.rhsa:tst:20172423009
        • comment log4j-javadoc is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20172423010
      • AND
        • comment log4j-manual is earlier than 0:1.2.17-16.el7_4
          oval oval:com.redhat.rhsa:tst:20172423007
        • comment log4j-manual is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20172423008
    rhsa
    id RHSA-2017:2423
    released 2017-08-07
    severity Important
    title RHSA-2017:2423: log4j security update (Important)
  • rhsa
    id RHSA-2017:1417
  • rhsa
    id RHSA-2017:1801
  • rhsa
    id RHSA-2017:1802
  • rhsa
    id RHSA-2017:2633
  • rhsa
    id RHSA-2017:2635
  • rhsa
    id RHSA-2017:2636
  • rhsa
    id RHSA-2017:2637
  • rhsa
    id RHSA-2017:2638
  • rhsa
    id RHSA-2017:2808
  • rhsa
    id RHSA-2017:2809
  • rhsa
    id RHSA-2017:2810
  • rhsa
    id RHSA-2017:2811
  • rhsa
    id RHSA-2017:2888
  • rhsa
    id RHSA-2017:2889
  • rhsa
    id RHSA-2017:3244
  • rhsa
    id RHSA-2017:3399
  • rhsa
    id RHSA-2017:3400
rpms
  • log4j-0:1.2.17-16.el7_4
  • log4j-javadoc-0:1.2.17-16.el7_4
  • log4j-manual-0:1.2.17-16.el7_4
refmap via4
bid 97702
confirm
misc https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html
sectrack
  • 1040200
  • 1041294
Last major update 19-06-2019 - 00:15
Published 17-04-2017 - 21:59
Back to Top