CVE-2017-5645
Published at:
-
17-04-2017 11:59
Last modified:
-
04-04-2022 06:53
Total changes:
-
13
Description
Common Vulnerability Scoring System (CVSS)
Low
Attack complexity
Network
Attack vector
High
Availability
High
Confidentiality
High
Integrity
None
Privileges required
Unchanged
Scope
None
User interaction
9.8
Base score
3.9
5.9
Exploitability score
Impact score
Verification logic
Reference
- https://issues.apache.org/jira/browse/LOG4J2-1863
- 97702-Third Party Advisory, VDB Entry
- RHSA-2017:3244-Third Party Advisory
- RHSA-2017:2889-Third Party Advisory
- RHSA-2017:2888-Third Party Advisory
- RHSA-2017:2811-Third Party Advisory
- RHSA-2017:2810-Third Party Advisory
- RHSA-2017:2809-Third Party Advisory
- RHSA-2017:2808-Third Party Advisory
- RHSA-2017:3400-Third Party Advisory
- RHSA-2017:3399-Third Party Advisory
- RHSA-2017:2638-Third Party Advisory
- RHSA-2017:2637-Third Party Advisory
- RHSA-2017:2636-Third Party Advisory
- RHSA-2017:2635-Third Party Advisory
- RHSA-2017:2633-Third Party Advisory
- RHSA-2017:2423-Third Party Advisory
- RHSA-2017:1802-Third Party Advisory
- RHSA-2017:1801-Third Party Advisory
- RHSA-2017:1417-Third Party Advisory
- 1040200-Third Party Advisory, VDB Entry
- http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html
- http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html
- http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html
- https://security.netapp.com/advisory/ntap-20180726-0002/
- 1041294-Third Party Advisory, VDB Entry
- http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html
- https://security.netapp.com/advisory/ntap-20181107-0002/
- https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html
- https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html
- RHSA-2019:1545-Third Party Advisory
- https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html
- https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html
- [druid-commits] 20191115 [GitHub] [incubator-druid] ccaominh opened a new pull request #8878: Address security vulnerabilities-Mailing List, Third Party Advisory
- [logging-dev] 20191215 Re: Is there any chance that there will be a security fix for log4j-v1.2.17?-Mailing List, Third Party Advisory
- [logging-dev] 20191218 [CVE-2019-17571] Apache Log4j 1.2 deserialization of untrusted data in SocketServer-Mailing List, Third Party Advisory
- [announce] 20191218 [CVE-2019-17571] Apache Log4j 1.2 deserialization of untrusted data in SocketServer-Mailing List, Third Party Advisory
- [oss-security] 20191218 [CVE-2019-17571] Apache Log4j 1.2 deserialization of untrusted data in SocketServer-Mailing List, Third Party Advisory
- [logging-dev] 20191219 Re: [CVE-2019-17571] Apache Log4j 1.2 deserialization of untrusted data in SocketServer-Mailing List, Third Party Advisory
- [activemq-issues] 20191226 [jira] [Created] (AMQ-7370) log4j 1.2 version used by AMQ 5.15.10 / 5.15.11 is vulnerable to CVE-2019-17571-Mailing List, Third Party Advisory
- [tika-dev] 20191226 [jira] [Created] (TIKA-3018) log4j 1.2 version used by Apache Tika 1.23 is vulnerable to CVE-2019-17571-Mailing List, Third Party Advisory
- [tika-dev] 20191226 [jira] [Commented] (TIKA-3018) log4j 1.2 version used by Apache Tika 1.23 is vulnerable to CVE-2019-17571-Mailing List, Third Party Advisory
- [tika-dev] 20191230 [jira] [Created] (TIKA-3019) [9.8] [CVE-2019-17571] [tika-app] [1.23]-Mailing List, Third Party Advisory
- [activemq-issues] 20191230 [jira] [Created] (AMQ-7372) [9.8] [CVE-2019-17571] [activemq-all] [5.15.10]-Mailing List, Third Party Advisory
- [tika-dev] 20200106 [jira] [Commented] (TIKA-3019) [9.8] [CVE-2019-17571] [tika-app] [1.23]-Mailing List, Third Party Advisory
- [tika-dev] 20200107 [jira] [Commented] (TIKA-3019) [9.8] [CVE-2019-17571] [tika-app] [1.23]-Mailing List, Third Party Advisory
- [tika-dev] 20200108 [jira] [Commented] (TIKA-3019) [9.8] [CVE-2019-17571] [tika-app] [1.23]-Mailing List, Third Party Advisory
- [tika-dev] 20200110 [jira] [Commented] (TIKA-3019) [9.8] [CVE-2019-17571] [tika-app] [1.23]-Mailing List, Third Party Advisory
- [tika-dev] 20200111 Re: [jira] [Commented] (TIKA-3018) log4j 1.2 version used by Apache Tika 1.23 is vulnerable to CVE-2019-17571-Mailing List, Third Party Advisory
- [tika-dev] 20200111 [jira] [Resolved] (TIKA-3018) log4j 1.2 version used by Apache Tika 1.23 is vulnerable to CVE-2019-17571-Mailing List, Third Party Advisory
- [tika-dev] 20200111 [jira] [Closed] (TIKA-3018) log4j 1.2 version used by Apache Tika 1.23 is vulnerable to CVE-2019-17571-Mailing List, Third Party Advisory
- [tika-dev] 20200114 [jira] [Commented] (TIKA-3019) [9.8] [CVE-2019-17571] [tika-app] [1.23]-Mailing List, Third Party Advisory
- [tika-dev] 20200115 [jira] [Commented] (TIKA-3019) [9.8] [CVE-2019-17571] [tika-app] [1.23]-Mailing List, Third Party Advisory
- https://www.oracle.com/security-alerts/cpujan2020.html
- [activemq-issues] 20200122 [jira] [Assigned] (AMQ-7372) [9.8] [CVE-2019-17571] [activemq-all] [5.15.10]-Mailing List, Third Party Advisory
- [activemq-issues] 20200122 [jira] [Updated] (AMQ-7370) log4j 1.2 version used by AMQ 5.15.10 / 5.15.11 is vulnerable to CVE-2019-17571-Mailing List, Third Party Advisory
- [activemq-issues] 20200122 [jira] [Assigned] (AMQ-7370) log4j 1.2 version used by AMQ 5.15.10 / 5.15.11 is vulnerable to CVE-2019-17571-Mailing List, Third Party Advisory
- [activemq-issues] 20200122 [jira] [Updated] (AMQ-7372) [9.8] [CVE-2019-17571] [activemq-all] [5.15.10]-Mailing List, Third Party Advisory
- [activemq-issues] 20200122 [jira] [Resolved] (AMQ-7372) [9.8] [CVE-2019-17571] [activemq-all] [5.15.10]-Mailing List, Third Party Advisory
- [activemq-issues] 20200127 [jira] [Commented] (AMQ-7370) log4j 1.2 version used by AMQ 5.15.10 / 5.15.11 is vulnerable to CVE-2019-17571-Mailing List, Third Party Advisory
- [activemq-issues] 20200208 [jira] [Commented] (AMQ-7370) log4j 1.2 version used by AMQ 5.15.10 / 5.15.11 is vulnerable to CVE-2019-17571-Mailing List, Third Party Advisory
- [activemq-issues] 20200228 [jira] [Commented] (AMQ-7370) log4j 1.2 version used by AMQ 5.15.10 / 5.15.11 is vulnerable to CVE-2019-17571-Mailing List, Third Party Advisory
- [activemq-issues] 20200228 [jira] [Updated] (AMQ-7370) log4j 1.2 version used by AMQ 5.15.10 / 5.15.11 is vulnerable to CVE-2019-17571-Mailing List, Third Party Advisory
- [activemq-issues] 20200228 [jira] [Resolved] (AMQ-7370) log4j 1.2 version used by AMQ 5.15.10 / 5.15.11 is vulnerable to CVE-2019-17571-Mailing List, Third Party Advisory
- N/A-Third Party Advisory
- [logging-commits] 20200425 svn commit: r1059809 - /websites/production/logging/content/log4j/2.13.2/security.html-Mailing List, Third Party Advisory
- https://www.oracle.com/security-alerts/cpujul2020.html
- [bookkeeper-issues] 20200729 [GitHub] [bookkeeper] padma81 opened a new issue #2387: Security vulnerabilities in the apache/bookkeeper-4.9.2 image-Mailing List, Third Party Advisory
- [activemq-issues] 20200730 [jira] [Commented] (AMQ-7370) log4j 1.2 version used by AMQ 5.15.10 / 5.15.11 is vulnerable to CVE-2019-17571-Mailing List, Third Party Advisory
- [geode-issues] 20200831 [jira] [Created] (GEODE-8471) Dependency security issues in geode-core-1.12-Mailing List, Third Party Advisory
- https://www.oracle.com/security-alerts/cpuoct2020.html
- https://www.oracle.com/security-alerts/cpujan2021.html
- [doris-commits] 20210402 [GitHub] [incubator-doris] zh0122 opened a new pull request #5594: [FE][Bug]Update log4j-web to fix a security issue-Mailing List, Third Party Advisory
- [beam-issues] 20210528 [jira] [Created] (BEAM-12422) Vendored gRPC 1.36.0 is using a log4j version with security issues-Mailing List, Third Party Advisory
- https://www.oracle.com/security-alerts/cpuApr2021.html
- [beam-github] 20210701 [GitHub] [beam] lukecwik commented on pull request #15113: [BEAM-12422] Upgrade log4j version not affected by CVE-2017-5645-Mailing List, Third Party Advisory
- [beam-github] 20210701 [GitHub] [beam] lukecwik opened a new pull request #15113: [BEAM-12422] Upgrade log4j version not affected by CVE-2017-5645-Mailing List, Third Party Advisory
- [beam-github] 20210701 [GitHub] [beam] codecov[bot] commented on pull request #15113: [BEAM-12422] Upgrade log4j version not affected by CVE-2017-5645-Mailing List, Third Party Advisory
- [beam-github] 20210701 [GitHub] [beam] codecov[bot] edited a comment on pull request #15113: [BEAM-12422] Upgrade log4j version not affected by CVE-2017-5645-Mailing List, Third Party Advisory
- [beam-github] 20210701 [GitHub] [beam] suztomo commented on pull request #15113: [BEAM-12422] Upgrade log4j version not affected by CVE-2017-5645-Mailing List, Third Party Advisory
- https://www.oracle.com/security-alerts/cpuoct2021.html
- https://www.oracle.com/security-alerts/cpujan2022.html
Keywords