CyberSec.Space Logo
CVEブラウザに戻る

CVE-2017-5645

CRITICAL
9.8
CVSS Severity Score
EPSS Score0.0100%
EPSS Percentile37.37th
Published2017年4月17日
Last Modified2026年5月13日

Vulnerability Description

In Apache Log4j 2.x before 2.8.2, when using the TCP socket server or UDP socket server to receive serialized log events from another application, a specially crafted binary payload can be sent that, when deserialized, can execute arbitrary code.

Affected Platforms (CPE)

📦
Apache

Log4j

>= 2.0 and < 2.8.2
📦
Netapp

Oncommand Api Services

All versions
📦
Netapp

Oncommand Insight

All versions
📦
Netapp

Oncommand Workflow Automation

All versions
📦
Netapp

Service Level Manager

All versions
📦
Netapp

Snapcenter

All versions
📦
Netapp

Storage Automation Store

All versions
📦
Redhat

Fuse

= 1.0
💻
Redhat

Enterprise Linux

= 6.0
💻
Redhat

Enterprise Linux

= 6.7
💻
Redhat

Enterprise Linux

= 7.0
💻
Redhat

Enterprise Linux

= 7.3
💻
Redhat

Enterprise Linux

= 7.4
💻
Redhat

Enterprise Linux

= 7.5
💻
Redhat

Enterprise Linux

= 7.6
💻
Redhat

Enterprise Linux Desktop

= 7.0
💻
Redhat

Enterprise Linux Server

= 7.0
💻
Redhat

Enterprise Linux Server Aus

= 7.4
💻
Redhat

Enterprise Linux Server Aus

= 7.6
💻
Redhat

Enterprise Linux Server Eus

= 7.4
💻
Redhat

Enterprise Linux Server Eus

= 7.5
💻
Redhat

Enterprise Linux Server Eus

= 7.6
💻
Redhat

Enterprise Linux Server Tus

= 7.4
💻
Redhat

Enterprise Linux Server Tus

= 7.6
💻
Redhat

Enterprise Linux Workstation

= 7.0
📦
Oracle

Api Gateway

= 11.1.2.4.0
📦
Oracle

Application Testing Suite

= 13.3.0.1
📦
Oracle

Autovue Vuelink Integration

= 21.0.0
📦
Oracle

Autovue Vuelink Integration

= 21.0.1
📦
Oracle

Banking Platform

= 2.6.0
📦
Oracle

Banking Platform

= 2.6.1
📦
Oracle

Banking Platform

= 2.6.2
📦
Oracle

Bi Publisher

= 11.1.1.7.0
📦
Oracle

Bi Publisher

= 11.1.1.9.0
📦
Oracle

Bi Publisher

= 12.2.1.3.0
📦
Oracle

Bi Publisher

= 12.2.1.4.0
📦
Oracle

Communications Converged Application Server Service Controller

= 6.1
📦
Oracle

Communications Instant Messaging Server

= 10.0.1.3.0
📦
Oracle

Communications Interactive Session Recorder

>= 6.0 and <= 6.2
📦
Oracle

Communications Messaging Server

< 8.0.2
📦
Oracle

Communications Network Integrity

>= 7.3.2 and <= 7.3.6
📦
Oracle

Communications Online Mediation Controller

= 6.1
📦
Oracle

Communications Pricing Design Center

= 11.1
📦
Oracle

Communications Pricing Design Center

= 12.0
📦
Oracle

Communications Service Broker

= 6.0
📦
Oracle

Communications Webrtc Session Controller

< 7.2
📦
Oracle

Configuration Manager

= 12.1.2.0.2
📦
Oracle

Configuration Manager

= 12.1.2.0.5
📦
Oracle

Endeca Information Discovery Studio

= 3.2.0
📦
Oracle

Enterprise Data Quality

= 12.2.1.3.0
📦
Oracle

Enterprise Manager Base Platform

= 12.1.0.5
📦
Oracle

Enterprise Manager Base Platform

= 13.2.0.0
📦
Oracle

Enterprise Manager For Fusion Middleware

= 12.1.0.5
📦
Oracle

Enterprise Manager For Fusion Middleware

= 13.2.0.0
📦
Oracle

Enterprise Manager For Mysql Database

<= 13.2.2.0.0
📦
Oracle

Enterprise Manager For Oracle Database

= 12.1.0.8
📦
Oracle

Enterprise Manager For Oracle Database

= 13.2.2
📦
Oracle

Enterprise Manager For Peoplesoft

= 13.1.1.1
📦
Oracle

Enterprise Manager For Peoplesoft

= 13.2.1.1
📦
Oracle

Financial Services Analytical Applications Infrastructure

>= 7.3.3.0.0 and <= 7.3.3.0.2
📦
Oracle

Financial Services Analytical Applications Infrastructure

>= 8.0.0.0.0 and <= 8.0.7.0.0
📦
Oracle

Financial Services Behavior Detection Platform

>= 8.0.0.0.0 and <= 8.0.4.0.0
📦
Oracle

Financial Services Behavior Detection Platform

= 6.1.1
📦
Oracle

Financial Services Hedge Management And Ifrs Valuations

= 8.0.4
📦
Oracle

Financial Services Hedge Management And Ifrs Valuations

= 8.0.5
📦
Oracle

Financial Services Lending And Leasing

>= 14.1.0 and <= 14.8.0
📦
Oracle

Financial Services Lending And Leasing

= 12.5.0
📦
Oracle

Financial Services Loan Loss Forecasting And Provisioning

= 8.0.4
📦
Oracle

Financial Services Loan Loss Forecasting And Provisioning

= 8.0.5
📦
Oracle

Financial Services Profitability Management

>= 8.0.0.0.0 and <= 8.0.7.0.0
📦
Oracle

Financial Services Profitability Management

= 6.1.1
📦
Oracle

Financial Services Regulatory Reporting With Agilereporter

= 8.0.9.2.0
📦
Oracle

Flexcube Investor Servicing

= 12.0.4
📦
Oracle

Flexcube Investor Servicing

= 12.1.0
📦
Oracle

Flexcube Investor Servicing

= 12.3.0
📦
Oracle

Flexcube Investor Servicing

= 12.4.0
📦
Oracle

Flexcube Investor Servicing

= 14.0.0
📦
Oracle

Fusion Middleware Mapviewer

= 12.2.1.2
📦
Oracle

Fusion Middleware Mapviewer

= 12.2.1.3
📦
Oracle

Goldengate

= 12.3.2.1.1
📦
Oracle

Goldengate Application Adapters

= 12.3.2.1.1
📦
Oracle

Identity Analytics

= 11.1.1.5.8
📦
Oracle

Identity Management Suite

= 11.1.2.3.0
📦
Oracle

Identity Management Suite

= 12.2.1.3.0
📦
Oracle

Identity Manager Connector

= 9.0
📦
Oracle

In Memory Performance Driven Planning

= 12.1
📦
Oracle

In Memory Performance Driven Planning

= 12.2
📦
Oracle

Instantis Enterprisetrack

>= 17.1 and <= 17.3
📦
Oracle

Insurance Calculation Engine

= 10.1.1
📦
Oracle

Insurance Calculation Engine

= 10.2.1
📦
Oracle

Insurance Policy Administration

= 10.0
📦
Oracle

Insurance Policy Administration

= 10.1
📦
Oracle

Insurance Policy Administration

= 10.2
📦
Oracle

Insurance Policy Administration

= 11.0
📦
Oracle

Insurance Rules Palette

= 10.0
📦
Oracle

Insurance Rules Palette

= 10.1
📦
Oracle

Insurance Rules Palette

= 10.2
📦
Oracle

Insurance Rules Palette

= 11.0
📦
Oracle

Insurance Rules Palette

= 11.1
📦
Oracle

Jd Edwards Enterpriseone Tools

= 4.0.1.0
📦
Oracle

Jd Edwards Enterpriseone Tools

= 9.2
📦
Oracle

Jdeveloper

= 11.1.1.9.0
📦
Oracle

Jdeveloper

= 12.1.3.0.0
📦
Oracle

Jdeveloper

= 12.2.1.3.0
📦
Oracle

Mysql Enterprise Monitor

>= 3.4.0.0 and <= 3.4.7.4297
📦
Oracle

Mysql Enterprise Monitor

>= 4.0.0.0 and <= 4.0.4.5235
📦
Oracle

Mysql Enterprise Monitor

>= 8.0.0.0.0 and <= 8.0.0.8131
📦
Oracle

Peoplesoft Enterprise Fin Install

= 9.2
📦
Oracle

Policy Automation

= 10.4.7
📦
Oracle

Policy Automation

= 12.1.0
📦
Oracle

Policy Automation

= 12.1.1
📦
Oracle

Policy Automation

= 12.2.0
📦
Oracle

Policy Automation

= 12.2.1
📦
Oracle

Policy Automation

= 12.2.2
📦
Oracle

Policy Automation

= 12.2.3
📦
Oracle

Policy Automation

= 12.2.4
📦
Oracle

Policy Automation

= 12.2.5
📦
Oracle

Policy Automation

= 12.2.6
📦
Oracle

Policy Automation

= 12.2.7
📦
Oracle

Policy Automation

= 12.2.8
📦
Oracle

Policy Automation

= 12.2.9
📦
Oracle

Policy Automation

= 12.2.10
📦
Oracle

Policy Automation Connector For Siebel

= 10.4.6
📦
Oracle

Policy Automation For Mobile Devices

= 10.4.7
📦
Oracle

Policy Automation For Mobile Devices

= 12.1.0
📦
Oracle

Policy Automation For Mobile Devices

= 12.1.1
📦
Oracle

Policy Automation For Mobile Devices

= 12.2.0
📦
Oracle

Policy Automation For Mobile Devices

= 12.2.1
📦
Oracle

Policy Automation For Mobile Devices

= 12.2.2
📦
Oracle

Policy Automation For Mobile Devices

= 12.2.3
📦
Oracle

Policy Automation For Mobile Devices

= 12.2.4
📦
Oracle

Policy Automation For Mobile Devices

= 12.2.5
📦
Oracle

Policy Automation For Mobile Devices

= 12.2.6
📦
Oracle

Policy Automation For Mobile Devices

= 12.2.7
📦
Oracle

Policy Automation For Mobile Devices

= 12.2.8
📦
Oracle

Policy Automation For Mobile Devices

= 12.2.9
📦
Oracle

Policy Automation For Mobile Devices

= 12.2.10
📦
Oracle

Primavera Gateway

>= 16.2.0 and <= 16.2.11
📦
Oracle

Primavera Gateway

>= 17.12.0 and <= 17.12.7
📦
Oracle

Rapid Planning

= 12.1
📦
Oracle

Rapid Planning

= 12.2
📦
Oracle

Retail Advanced Inventory Planning

= 14.0
📦
Oracle

Retail Advanced Inventory Planning

= 15.0
📦
Oracle

Retail Clearance Optimization Engine

= 14.0.5
📦
Oracle

Retail Extract Transform And Load

= 13.0
📦
Oracle

Retail Extract Transform And Load

= 13.1
📦
Oracle

Retail Extract Transform And Load

= 13.2
📦
Oracle

Retail Extract Transform And Load

= 19.0
📦
Oracle

Retail Integration Bus

= 14.0.0
📦
Oracle

Retail Integration Bus

= 14.1.0
📦
Oracle

Retail Integration Bus

= 15.0
📦
Oracle

Retail Integration Bus

= 16.0
📦
Oracle

Retail Open Commerce Platform

= 5.3.0
📦
Oracle

Retail Open Commerce Platform

= 6.0.0
📦
Oracle

Retail Open Commerce Platform

= 6.0.1
📦
Oracle

Retail Predictive Application Server

= 15.0.3
📦
Oracle

Retail Service Backbone

= 14.1
📦
Oracle

Retail Service Backbone

= 15.0
📦
Oracle

Retail Service Backbone

= 16.0
📦
Oracle

Siebel Ui Framework

= 18.7
📦
Oracle

Siebel Ui Framework

= 18.8
📦
Oracle

Siebel Ui Framework

= 18.9
📦
Oracle

Soa Suite

= 12.1.3.0.0
📦
Oracle

Soa Suite

= 12.2.1.3.0
📦
Oracle

Soa Suite

= 12.2.2.0.0
📦
Oracle

Tape Library Acsls

= 8.4
📦
Oracle

Timesten In Memory Database

= 11.2.2.8.49
📦
Oracle

Utilities Advanced Spatial And Operational Analytics

= 2.7.0.1
📦
Oracle

Utilities Work And Asset Management

= 1.9.1.2.12
📦
Oracle

Weblogic Server

= 10.3.6.0.0
📦
Oracle

Weblogic Server

= 12.1.3.0.0
📦
Oracle

Weblogic Server

= 12.2.1.3.0
📦
Oracle

Weblogic Server

= 12.2.1.4.0
📦
Oracle

Weblogic Server

= 14.1.1.0.0

References & Advisories

🔗 http://www.openwall.com/lists/oss-security/2019/12/19/2
🔗 http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html
🔗 http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html
🔗 http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html
🔗 http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html
🔗 http://www.securityfocus.com/bid/97702
🔗 http://www.securitytracker.com/id/1040200
🔗 http://www.securitytracker.com/id/1041294

関連する脆弱性情報

CVE-2021-4422810.0

Apache Log4j2 2.0-beta9 through 2.15.0 (excluding security releases 2.12.2, 2.12.3, and 2.3.1) JNDI features used in configuration...

CVE-2021-445309.8

An injection vulnerability exists in a third-party library used in UniFi Network Version 6.5.53 and earlier (Log4J CVE-2021-44228)...

CVE-2019-175319.8

A Polymorphic Typing issue was discovered in FasterXML jackson-databind 2.0.0 through 2.9.10. When Default Typing is enabled (eith...

CVE-2019-175719.8

Included in Log4j 1.2 is a SocketServer class that is vulnerable to deserialization of untrusted data which can be exploited to re...