mirror of
https://github.com/CVEProject/cvelist.git
synced 2025-07-29 05:56:59 +00:00
202 lines
7.4 KiB
JSON
202 lines
7.4 KiB
JSON
{
|
|
"CVE_data_meta": {
|
|
"ASSIGNER": "security@apache.org",
|
|
"ID": "CVE-2017-5645",
|
|
"STATE": "PUBLIC"
|
|
},
|
|
"affects": {
|
|
"vendor": {
|
|
"vendor_data": [
|
|
{
|
|
"product": {
|
|
"product_data": [
|
|
{
|
|
"product_name": "Apache Log4j",
|
|
"version": {
|
|
"version_data": [
|
|
{
|
|
"version_value": "All versions between 2.0-alpha1 and 2.8.1"
|
|
}
|
|
]
|
|
}
|
|
}
|
|
]
|
|
},
|
|
"vendor_name": "Apache Software Foundation"
|
|
}
|
|
]
|
|
}
|
|
},
|
|
"data_format": "MITRE",
|
|
"data_type": "CVE",
|
|
"data_version": "4.0",
|
|
"description": {
|
|
"description_data": [
|
|
{
|
|
"lang": "eng",
|
|
"value": "In Apache Log4j 2.x before 2.8.2, when using the TCP socket server or UDP socket server to receive serialized log events from another application, a specially crafted binary payload can be sent that, when deserialized, can execute arbitrary code."
|
|
}
|
|
]
|
|
},
|
|
"problemtype": {
|
|
"problemtype_data": [
|
|
{
|
|
"description": [
|
|
{
|
|
"lang": "eng",
|
|
"value": "Remote Code Execution."
|
|
}
|
|
]
|
|
}
|
|
]
|
|
},
|
|
"references": {
|
|
"reference_data": [
|
|
{
|
|
"name": "RHSA-2017:2888",
|
|
"refsource": "REDHAT",
|
|
"url": "https://access.redhat.com/errata/RHSA-2017:2888"
|
|
},
|
|
{
|
|
"name": "RHSA-2017:2809",
|
|
"refsource": "REDHAT",
|
|
"url": "https://access.redhat.com/errata/RHSA-2017:2809"
|
|
},
|
|
{
|
|
"name": "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html",
|
|
"refsource": "CONFIRM",
|
|
"url": "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html"
|
|
},
|
|
{
|
|
"name": "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html",
|
|
"refsource": "CONFIRM",
|
|
"url": "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html"
|
|
},
|
|
{
|
|
"name": "97702",
|
|
"refsource": "BID",
|
|
"url": "http://www.securityfocus.com/bid/97702"
|
|
},
|
|
{
|
|
"name": "https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html",
|
|
"refsource": "CONFIRM",
|
|
"url": "https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html"
|
|
},
|
|
{
|
|
"name": "1041294",
|
|
"refsource": "SECTRACK",
|
|
"url": "http://www.securitytracker.com/id/1041294"
|
|
},
|
|
{
|
|
"name": "RHSA-2017:2810",
|
|
"refsource": "REDHAT",
|
|
"url": "https://access.redhat.com/errata/RHSA-2017:2810"
|
|
},
|
|
{
|
|
"name": "RHSA-2017:1801",
|
|
"refsource": "REDHAT",
|
|
"url": "https://access.redhat.com/errata/RHSA-2017:1801"
|
|
},
|
|
{
|
|
"name": "RHSA-2017:2889",
|
|
"refsource": "REDHAT",
|
|
"url": "https://access.redhat.com/errata/RHSA-2017:2889"
|
|
},
|
|
{
|
|
"name": "RHSA-2017:2635",
|
|
"refsource": "REDHAT",
|
|
"url": "https://access.redhat.com/errata/RHSA-2017:2635"
|
|
},
|
|
{
|
|
"name": "RHSA-2017:2638",
|
|
"refsource": "REDHAT",
|
|
"url": "https://access.redhat.com/errata/RHSA-2017:2638"
|
|
},
|
|
{
|
|
"name": "https://security.netapp.com/advisory/ntap-20181107-0002/",
|
|
"refsource": "CONFIRM",
|
|
"url": "https://security.netapp.com/advisory/ntap-20181107-0002/"
|
|
},
|
|
{
|
|
"name": "RHSA-2017:1417",
|
|
"refsource": "REDHAT",
|
|
"url": "https://access.redhat.com/errata/RHSA-2017:1417"
|
|
},
|
|
{
|
|
"name": "RHSA-2017:2423",
|
|
"refsource": "REDHAT",
|
|
"url": "https://access.redhat.com/errata/RHSA-2017:2423"
|
|
},
|
|
{
|
|
"name": "RHSA-2017:2808",
|
|
"refsource": "REDHAT",
|
|
"url": "https://access.redhat.com/errata/RHSA-2017:2808"
|
|
},
|
|
{
|
|
"name": "http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html",
|
|
"refsource": "CONFIRM",
|
|
"url": "http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html"
|
|
},
|
|
{
|
|
"name": "1040200",
|
|
"refsource": "SECTRACK",
|
|
"url": "http://www.securitytracker.com/id/1040200"
|
|
},
|
|
{
|
|
"name": "RHSA-2017:2636",
|
|
"refsource": "REDHAT",
|
|
"url": "https://access.redhat.com/errata/RHSA-2017:2636"
|
|
},
|
|
{
|
|
"name": "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html",
|
|
"refsource": "CONFIRM",
|
|
"url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html"
|
|
},
|
|
{
|
|
"name": "RHSA-2017:3399",
|
|
"refsource": "REDHAT",
|
|
"url": "https://access.redhat.com/errata/RHSA-2017:3399"
|
|
},
|
|
{
|
|
"name": "https://security.netapp.com/advisory/ntap-20180726-0002/",
|
|
"refsource": "CONFIRM",
|
|
"url": "https://security.netapp.com/advisory/ntap-20180726-0002/"
|
|
},
|
|
{
|
|
"name": "RHSA-2017:2637",
|
|
"refsource": "REDHAT",
|
|
"url": "https://access.redhat.com/errata/RHSA-2017:2637"
|
|
},
|
|
{
|
|
"name": "RHSA-2017:3244",
|
|
"refsource": "REDHAT",
|
|
"url": "https://access.redhat.com/errata/RHSA-2017:3244"
|
|
},
|
|
{
|
|
"name": "https://issues.apache.org/jira/browse/LOG4J2-1863",
|
|
"refsource": "CONFIRM",
|
|
"url": "https://issues.apache.org/jira/browse/LOG4J2-1863"
|
|
},
|
|
{
|
|
"name": "RHSA-2017:3400",
|
|
"refsource": "REDHAT",
|
|
"url": "https://access.redhat.com/errata/RHSA-2017:3400"
|
|
},
|
|
{
|
|
"name": "RHSA-2017:2633",
|
|
"refsource": "REDHAT",
|
|
"url": "https://access.redhat.com/errata/RHSA-2017:2633"
|
|
},
|
|
{
|
|
"name": "RHSA-2017:2811",
|
|
"refsource": "REDHAT",
|
|
"url": "https://access.redhat.com/errata/RHSA-2017:2811"
|
|
},
|
|
{
|
|
"name": "RHSA-2017:1802",
|
|
"refsource": "REDHAT",
|
|
"url": "https://access.redhat.com/errata/RHSA-2017:1802"
|
|
}
|
|
]
|
|
}
|
|
} |