CVE-2017-5645 (CNNVD-201704-852)

CRITICAL
中文标题:
Apache Log4j 代码问题漏洞
英文标题:
In Apache Log4j 2.x before 2.8.2, when using the TCP socket server or UDP socket server to receive s...
CVSS分数: 9.8
发布时间: 2017-04-17 21:00:00
漏洞类型: 代码问题
状态: PUBLISHED
数据质量分数: 0.30
数据版本: v3
漏洞描述
中文描述:

Apache Log4j是美国阿帕奇(Apache)基金会的一款基于Java的开源日志记录工具。 Apache Log4j 2.8.2之前的2.x版本中存在代码问题漏洞。攻击者可利用该漏洞执行任意代码。

英文描述:

In Apache Log4j 2.x before 2.8.2, when using the TCP socket server or UDP socket server to receive serialized log events from another application, a specially crafted binary payload can be sent that, when deserialized, can execute arbitrary code.

CWE类型:
CWE-502
标签:
(暂无数据)
受影响产品
厂商 产品 版本 版本范围 平台 CPE
Apache Software Foundation Apache Log4j All versions between 2.0-alpha1 and 2.8.1 - - cpe:2.3:a:apache_software_foundation:apache_log4j:all_versions_between_2.0-alpha1_and_2.8.1:*:*:*:*:*:*:*
apache log4j * - - cpe:2.3:a:apache:log4j:*:*:*:*:*:*:*:*
netapp oncommand_api_services - - - cpe:2.3:a:netapp:oncommand_api_services:-:*:*:*:*:*:*:*
netapp oncommand_insight - - - cpe:2.3:a:netapp:oncommand_insight:-:*:*:*:*:*:*:*
netapp oncommand_workflow_automation - - - cpe:2.3:a:netapp:oncommand_workflow_automation:-:*:*:*:*:*:*:*
netapp service_level_manager - - - cpe:2.3:a:netapp:service_level_manager:-:*:*:*:*:*:*:*
netapp snapcenter - - - cpe:2.3:a:netapp:snapcenter:-:*:*:*:*:*:*:*
netapp storage_automation_store - - - cpe:2.3:a:netapp:storage_automation_store:-:*:*:*:*:*:*:*
redhat fuse 1.0 - - cpe:2.3:a:redhat:fuse:1.0:*:*:*:*:*:*:*
redhat enterprise_linux 6.0 - - cpe:2.3:o:redhat:enterprise_linux:6.0:*:*:*:*:*:*:*
redhat enterprise_linux 6.7 - - cpe:2.3:o:redhat:enterprise_linux:6.7:*:*:*:*:*:*:*
redhat enterprise_linux 7.0 - - cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*
redhat enterprise_linux 7.3 - - cpe:2.3:o:redhat:enterprise_linux:7.3:*:*:*:*:*:*:*
redhat enterprise_linux 7.4 - - cpe:2.3:o:redhat:enterprise_linux:7.4:*:*:*:*:*:*:*
redhat enterprise_linux 7.5 - - cpe:2.3:o:redhat:enterprise_linux:7.5:*:*:*:*:*:*:*
redhat enterprise_linux 7.6 - - cpe:2.3:o:redhat:enterprise_linux:7.6:*:*:*:*:*:*:*
redhat enterprise_linux_desktop 7.0 - - cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*
redhat enterprise_linux_server 7.0 - - cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*
redhat enterprise_linux_server_aus 7.4 - - cpe:2.3:o:redhat:enterprise_linux_server_aus:7.4:*:*:*:*:*:*:*
redhat enterprise_linux_server_aus 7.6 - - cpe:2.3:o:redhat:enterprise_linux_server_aus:7.6:*:*:*:*:*:*:*
redhat enterprise_linux_server_eus 7.4 - - cpe:2.3:o:redhat:enterprise_linux_server_eus:7.4:*:*:*:*:*:*:*
redhat enterprise_linux_server_eus 7.5 - - cpe:2.3:o:redhat:enterprise_linux_server_eus:7.5:*:*:*:*:*:*:*
redhat enterprise_linux_server_eus 7.6 - - cpe:2.3:o:redhat:enterprise_linux_server_eus:7.6:*:*:*:*:*:*:*
redhat enterprise_linux_server_tus 7.4 - - cpe:2.3:o:redhat:enterprise_linux_server_tus:7.4:*:*:*:*:*:*:*
redhat enterprise_linux_server_tus 7.6 - - cpe:2.3:o:redhat:enterprise_linux_server_tus:7.6:*:*:*:*:*:*:*
redhat enterprise_linux_workstation 7.0 - - cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*
oracle api_gateway 11.1.2.4.0 - - cpe:2.3:a:oracle:api_gateway:11.1.2.4.0:*:*:*:*:*:*:*
oracle application_testing_suite 13.3.0.1 - - cpe:2.3:a:oracle:application_testing_suite:13.3.0.1:*:*:*:*:*:*:*
oracle autovue_vuelink_integration 21.0.0 - - cpe:2.3:a:oracle:autovue_vuelink_integration:21.0.0:*:*:*:*:*:*:*
oracle autovue_vuelink_integration 21.0.1 - - cpe:2.3:a:oracle:autovue_vuelink_integration:21.0.1:*:*:*:*:*:*:*
oracle banking_platform 2.6.0 - - cpe:2.3:a:oracle:banking_platform:2.6.0:*:*:*:*:*:*:*
oracle banking_platform 2.6.1 - - cpe:2.3:a:oracle:banking_platform:2.6.1:*:*:*:*:*:*:*
oracle banking_platform 2.6.2 - - cpe:2.3:a:oracle:banking_platform:2.6.2:*:*:*:*:*:*:*
oracle bi_publisher 11.1.1.7.0 - - cpe:2.3:a:oracle:bi_publisher:11.1.1.7.0:*:*:*:*:*:*:*
oracle bi_publisher 11.1.1.9.0 - - cpe:2.3:a:oracle:bi_publisher:11.1.1.9.0:*:*:*:*:*:*:*
oracle bi_publisher 12.2.1.3.0 - - cpe:2.3:a:oracle:bi_publisher:12.2.1.3.0:*:*:*:*:*:*:*
oracle bi_publisher 12.2.1.4.0 - - cpe:2.3:a:oracle:bi_publisher:12.2.1.4.0:*:*:*:*:*:*:*
oracle communications_converged_application_server_-_service_controller 6.1 - - cpe:2.3:a:oracle:communications_converged_application_server_-_service_controller:6.1:*:*:*:*:*:*:*
oracle communications_instant_messaging_server 10.0.1.3.0 - - cpe:2.3:a:oracle:communications_instant_messaging_server:10.0.1.3.0:*:*:*:*:*:*:*
oracle communications_interactive_session_recorder * - - cpe:2.3:a:oracle:communications_interactive_session_recorder:*:*:*:*:*:*:*:*
oracle communications_messaging_server * - - cpe:2.3:a:oracle:communications_messaging_server:*:*:*:*:*:*:*:*
oracle communications_network_integrity * - - cpe:2.3:a:oracle:communications_network_integrity:*:*:*:*:*:*:*:*
oracle communications_online_mediation_controller 6.1 - - cpe:2.3:a:oracle:communications_online_mediation_controller:6.1:*:*:*:*:*:*:*
oracle communications_pricing_design_center 11.1 - - cpe:2.3:a:oracle:communications_pricing_design_center:11.1:*:*:*:*:*:*:*
oracle communications_pricing_design_center 12.0 - - cpe:2.3:a:oracle:communications_pricing_design_center:12.0:*:*:*:*:*:*:*
oracle communications_service_broker 6.0 - - cpe:2.3:a:oracle:communications_service_broker:6.0:*:*:*:*:*:*:*
oracle communications_webrtc_session_controller * - - cpe:2.3:a:oracle:communications_webrtc_session_controller:*:*:*:*:*:*:*:*
oracle configuration_manager 12.1.2.0.2 - - cpe:2.3:a:oracle:configuration_manager:12.1.2.0.2:*:*:*:*:*:*:*
oracle configuration_manager 12.1.2.0.5 - - cpe:2.3:a:oracle:configuration_manager:12.1.2.0.5:*:*:*:*:*:*:*
oracle endeca_information_discovery_studio 3.2.0 - - cpe:2.3:a:oracle:endeca_information_discovery_studio:3.2.0:*:*:*:*:*:*:*
oracle enterprise_data_quality 12.2.1.3.0 - - cpe:2.3:a:oracle:enterprise_data_quality:12.2.1.3.0:*:*:*:*:*:*:*
oracle enterprise_manager_base_platform 12.1.0.5 - - cpe:2.3:a:oracle:enterprise_manager_base_platform:12.1.0.5:*:*:*:*:*:*:*
oracle enterprise_manager_base_platform 13.2.0.0 - - cpe:2.3:a:oracle:enterprise_manager_base_platform:13.2.0.0:*:*:*:*:*:*:*
oracle enterprise_manager_for_fusion_middleware 12.1.0.5 - - cpe:2.3:a:oracle:enterprise_manager_for_fusion_middleware:12.1.0.5:*:*:*:*:*:*:*
oracle enterprise_manager_for_fusion_middleware 13.2.0.0 - - cpe:2.3:a:oracle:enterprise_manager_for_fusion_middleware:13.2.0.0:*:*:*:*:*:*:*
oracle enterprise_manager_for_mysql_database * - - cpe:2.3:a:oracle:enterprise_manager_for_mysql_database:*:*:*:*:*:*:*:*
oracle enterprise_manager_for_oracle_database 12.1.0.8 - - cpe:2.3:a:oracle:enterprise_manager_for_oracle_database:12.1.0.8:*:*:*:*:*:*:*
oracle enterprise_manager_for_oracle_database 13.2.2 - - cpe:2.3:a:oracle:enterprise_manager_for_oracle_database:13.2.2:*:*:*:*:*:*:*
oracle enterprise_manager_for_peoplesoft 13.1.1.1 - - cpe:2.3:a:oracle:enterprise_manager_for_peoplesoft:13.1.1.1:*:*:*:*:*:*:*
oracle enterprise_manager_for_peoplesoft 13.2.1.1 - - cpe:2.3:a:oracle:enterprise_manager_for_peoplesoft:13.2.1.1:*:*:*:*:*:*:*
oracle financial_services_analytical_applications_infrastructure * - - cpe:2.3:a:oracle:financial_services_analytical_applications_infrastructure:*:*:*:*:*:*:*:*
oracle financial_services_behavior_detection_platform * - - cpe:2.3:a:oracle:financial_services_behavior_detection_platform:*:*:*:*:*:*:*:*
oracle financial_services_behavior_detection_platform 6.1.1 - - cpe:2.3:a:oracle:financial_services_behavior_detection_platform:6.1.1:*:*:*:*:*:*:*
oracle financial_services_hedge_management_and_ifrs_valuations 8.0.4 - - cpe:2.3:a:oracle:financial_services_hedge_management_and_ifrs_valuations:8.0.4:*:*:*:*:*:*:*
oracle financial_services_hedge_management_and_ifrs_valuations 8.0.5 - - cpe:2.3:a:oracle:financial_services_hedge_management_and_ifrs_valuations:8.0.5:*:*:*:*:*:*:*
oracle financial_services_lending_and_leasing * - - cpe:2.3:a:oracle:financial_services_lending_and_leasing:*:*:*:*:*:*:*:*
oracle financial_services_lending_and_leasing 12.5.0 - - cpe:2.3:a:oracle:financial_services_lending_and_leasing:12.5.0:*:*:*:*:*:*:*
oracle financial_services_loan_loss_forecasting_and_provisioning 8.0.4 - - cpe:2.3:a:oracle:financial_services_loan_loss_forecasting_and_provisioning:8.0.4:*:*:*:*:*:*:*
oracle financial_services_loan_loss_forecasting_and_provisioning 8.0.5 - - cpe:2.3:a:oracle:financial_services_loan_loss_forecasting_and_provisioning:8.0.5:*:*:*:*:*:*:*
oracle financial_services_profitability_management * - - cpe:2.3:a:oracle:financial_services_profitability_management:*:*:*:*:*:*:*:*
oracle financial_services_profitability_management 6.1.1 - - cpe:2.3:a:oracle:financial_services_profitability_management:6.1.1:*:*:*:*:*:*:*
oracle financial_services_regulatory_reporting_with_agilereporter 8.0.9.2.0 - - cpe:2.3:a:oracle:financial_services_regulatory_reporting_with_agilereporter:8.0.9.2.0:*:*:*:*:*:*:*
oracle flexcube_investor_servicing 12.0.4 - - cpe:2.3:a:oracle:flexcube_investor_servicing:12.0.4:*:*:*:*:*:*:*
oracle flexcube_investor_servicing 12.1.0 - - cpe:2.3:a:oracle:flexcube_investor_servicing:12.1.0:*:*:*:*:*:*:*
oracle flexcube_investor_servicing 12.3.0 - - cpe:2.3:a:oracle:flexcube_investor_servicing:12.3.0:*:*:*:*:*:*:*
oracle flexcube_investor_servicing 12.4.0 - - cpe:2.3:a:oracle:flexcube_investor_servicing:12.4.0:*:*:*:*:*:*:*
oracle flexcube_investor_servicing 14.0.0 - - cpe:2.3:a:oracle:flexcube_investor_servicing:14.0.0:*:*:*:*:*:*:*
oracle fusion_middleware_mapviewer 12.2.1.2 - - cpe:2.3:a:oracle:fusion_middleware_mapviewer:12.2.1.2:*:*:*:*:*:*:*
oracle fusion_middleware_mapviewer 12.2.1.3 - - cpe:2.3:a:oracle:fusion_middleware_mapviewer:12.2.1.3:*:*:*:*:*:*:*
oracle goldengate 12.3.2.1.1 - - cpe:2.3:a:oracle:goldengate:12.3.2.1.1:*:*:*:*:*:*:*
oracle goldengate_application_adapters 12.3.2.1.1 - - cpe:2.3:a:oracle:goldengate_application_adapters:12.3.2.1.1:*:*:*:*:*:*:*
oracle identity_analytics 11.1.1.5.8 - - cpe:2.3:a:oracle:identity_analytics:11.1.1.5.8:*:*:*:*:*:*:*
oracle identity_management_suite 11.1.2.3.0 - - cpe:2.3:a:oracle:identity_management_suite:11.1.2.3.0:*:*:*:*:*:*:*
oracle identity_management_suite 12.2.1.3.0 - - cpe:2.3:a:oracle:identity_management_suite:12.2.1.3.0:*:*:*:*:*:*:*
oracle identity_manager_connector 9.0 - - cpe:2.3:a:oracle:identity_manager_connector:9.0:*:*:*:*:*:*:*
oracle in-memory_performance-driven_planning 12.1 - - cpe:2.3:a:oracle:in-memory_performance-driven_planning:12.1:*:*:*:*:*:*:*
oracle in-memory_performance-driven_planning 12.2 - - cpe:2.3:a:oracle:in-memory_performance-driven_planning:12.2:*:*:*:*:*:*:*
oracle instantis_enterprisetrack * - - cpe:2.3:a:oracle:instantis_enterprisetrack:*:*:*:*:*:*:*:*
oracle insurance_calculation_engine 10.1.1 - - cpe:2.3:a:oracle:insurance_calculation_engine:10.1.1:*:*:*:*:*:*:*
oracle insurance_calculation_engine 10.2.1 - - cpe:2.3:a:oracle:insurance_calculation_engine:10.2.1:*:*:*:*:*:*:*
oracle insurance_policy_administration 10.0 - - cpe:2.3:a:oracle:insurance_policy_administration:10.0:*:*:*:*:*:*:*
oracle insurance_policy_administration 10.1 - - cpe:2.3:a:oracle:insurance_policy_administration:10.1:*:*:*:*:*:*:*
oracle insurance_policy_administration 10.2 - - cpe:2.3:a:oracle:insurance_policy_administration:10.2:*:*:*:*:*:*:*
oracle insurance_policy_administration 11.0 - - cpe:2.3:a:oracle:insurance_policy_administration:11.0:*:*:*:*:*:*:*
oracle insurance_rules_palette 10.0 - - cpe:2.3:a:oracle:insurance_rules_palette:10.0:*:*:*:*:*:*:*
oracle insurance_rules_palette 10.1 - - cpe:2.3:a:oracle:insurance_rules_palette:10.1:*:*:*:*:*:*:*
oracle insurance_rules_palette 10.2 - - cpe:2.3:a:oracle:insurance_rules_palette:10.2:*:*:*:*:*:*:*
oracle insurance_rules_palette 11.0 - - cpe:2.3:a:oracle:insurance_rules_palette:11.0:*:*:*:*:*:*:*
oracle insurance_rules_palette 11.1 - - cpe:2.3:a:oracle:insurance_rules_palette:11.1:*:*:*:*:*:*:*
oracle jd_edwards_enterpriseone_tools 4.0.1.0 - - cpe:2.3:a:oracle:jd_edwards_enterpriseone_tools:4.0.1.0:*:*:*:*:*:*:*
oracle jd_edwards_enterpriseone_tools 9.2 - - cpe:2.3:a:oracle:jd_edwards_enterpriseone_tools:9.2:*:*:*:*:*:*:*
oracle jdeveloper 11.1.1.9.0 - - cpe:2.3:a:oracle:jdeveloper:11.1.1.9.0:*:*:*:*:*:*:*
oracle jdeveloper 12.1.3.0.0 - - cpe:2.3:a:oracle:jdeveloper:12.1.3.0.0:*:*:*:*:*:*:*
oracle jdeveloper 12.2.1.3.0 - - cpe:2.3:a:oracle:jdeveloper:12.2.1.3.0:*:*:*:*:*:*:*
oracle mysql_enterprise_monitor * - - cpe:2.3:a:oracle:mysql_enterprise_monitor:*:*:*:*:*:*:*:*
oracle peoplesoft_enterprise_fin_install 9.2 - - cpe:2.3:a:oracle:peoplesoft_enterprise_fin_install:9.2:*:*:*:*:*:*:*
oracle policy_automation 10.4.7 - - cpe:2.3:a:oracle:policy_automation:10.4.7:*:*:*:*:*:*:*
oracle policy_automation 12.1.0 - - cpe:2.3:a:oracle:policy_automation:12.1.0:*:*:*:*:*:*:*
oracle policy_automation 12.1.1 - - cpe:2.3:a:oracle:policy_automation:12.1.1:*:*:*:*:*:*:*
oracle policy_automation 12.2.0 - - cpe:2.3:a:oracle:policy_automation:12.2.0:*:*:*:*:*:*:*
oracle policy_automation 12.2.1 - - cpe:2.3:a:oracle:policy_automation:12.2.1:*:*:*:*:*:*:*
oracle policy_automation 12.2.2 - - cpe:2.3:a:oracle:policy_automation:12.2.2:*:*:*:*:*:*:*
oracle policy_automation 12.2.3 - - cpe:2.3:a:oracle:policy_automation:12.2.3:*:*:*:*:*:*:*
oracle policy_automation 12.2.4 - - cpe:2.3:a:oracle:policy_automation:12.2.4:*:*:*:*:*:*:*
oracle policy_automation 12.2.5 - - cpe:2.3:a:oracle:policy_automation:12.2.5:*:*:*:*:*:*:*
oracle policy_automation 12.2.6 - - cpe:2.3:a:oracle:policy_automation:12.2.6:*:*:*:*:*:*:*
oracle policy_automation 12.2.7 - - cpe:2.3:a:oracle:policy_automation:12.2.7:*:*:*:*:*:*:*
oracle policy_automation 12.2.8 - - cpe:2.3:a:oracle:policy_automation:12.2.8:*:*:*:*:*:*:*
oracle policy_automation 12.2.9 - - cpe:2.3:a:oracle:policy_automation:12.2.9:*:*:*:*:*:*:*
oracle policy_automation 12.2.10 - - cpe:2.3:a:oracle:policy_automation:12.2.10:*:*:*:*:*:*:*
oracle policy_automation_connector_for_siebel 10.4.6 - - cpe:2.3:a:oracle:policy_automation_connector_for_siebel:10.4.6:*:*:*:*:*:*:*
oracle policy_automation_for_mobile_devices 10.4.7 - - cpe:2.3:a:oracle:policy_automation_for_mobile_devices:10.4.7:*:*:*:*:*:*:*
oracle policy_automation_for_mobile_devices 12.1.0 - - cpe:2.3:a:oracle:policy_automation_for_mobile_devices:12.1.0:*:*:*:*:*:*:*
oracle policy_automation_for_mobile_devices 12.1.1 - - cpe:2.3:a:oracle:policy_automation_for_mobile_devices:12.1.1:*:*:*:*:*:*:*
oracle policy_automation_for_mobile_devices 12.2.0 - - cpe:2.3:a:oracle:policy_automation_for_mobile_devices:12.2.0:*:*:*:*:*:*:*
oracle policy_automation_for_mobile_devices 12.2.1 - - cpe:2.3:a:oracle:policy_automation_for_mobile_devices:12.2.1:*:*:*:*:*:*:*
oracle policy_automation_for_mobile_devices 12.2.2 - - cpe:2.3:a:oracle:policy_automation_for_mobile_devices:12.2.2:*:*:*:*:*:*:*
oracle policy_automation_for_mobile_devices 12.2.3 - - cpe:2.3:a:oracle:policy_automation_for_mobile_devices:12.2.3:*:*:*:*:*:*:*
oracle policy_automation_for_mobile_devices 12.2.4 - - cpe:2.3:a:oracle:policy_automation_for_mobile_devices:12.2.4:*:*:*:*:*:*:*
oracle policy_automation_for_mobile_devices 12.2.5 - - cpe:2.3:a:oracle:policy_automation_for_mobile_devices:12.2.5:*:*:*:*:*:*:*
oracle policy_automation_for_mobile_devices 12.2.6 - - cpe:2.3:a:oracle:policy_automation_for_mobile_devices:12.2.6:*:*:*:*:*:*:*
oracle policy_automation_for_mobile_devices 12.2.7 - - cpe:2.3:a:oracle:policy_automation_for_mobile_devices:12.2.7:*:*:*:*:*:*:*
oracle policy_automation_for_mobile_devices 12.2.8 - - cpe:2.3:a:oracle:policy_automation_for_mobile_devices:12.2.8:*:*:*:*:*:*:*
oracle policy_automation_for_mobile_devices 12.2.9 - - cpe:2.3:a:oracle:policy_automation_for_mobile_devices:12.2.9:*:*:*:*:*:*:*
oracle policy_automation_for_mobile_devices 12.2.10 - - cpe:2.3:a:oracle:policy_automation_for_mobile_devices:12.2.10:*:*:*:*:*:*:*
oracle primavera_gateway * - - cpe:2.3:a:oracle:primavera_gateway:*:*:*:*:*:*:*:*
oracle rapid_planning 12.1 - - cpe:2.3:a:oracle:rapid_planning:12.1:*:*:*:*:*:*:*
oracle rapid_planning 12.2 - - cpe:2.3:a:oracle:rapid_planning:12.2:*:*:*:*:*:*:*
oracle retail_advanced_inventory_planning 14.0 - - cpe:2.3:a:oracle:retail_advanced_inventory_planning:14.0:*:*:*:*:*:*:*
oracle retail_advanced_inventory_planning 15.0 - - cpe:2.3:a:oracle:retail_advanced_inventory_planning:15.0:*:*:*:*:*:*:*
oracle retail_clearance_optimization_engine 14.0.5 - - cpe:2.3:a:oracle:retail_clearance_optimization_engine:14.0.5:*:*:*:*:*:*:*
oracle retail_extract_transform_and_load 13.0 - - cpe:2.3:a:oracle:retail_extract_transform_and_load:13.0:*:*:*:*:*:*:*
oracle retail_extract_transform_and_load 13.1 - - cpe:2.3:a:oracle:retail_extract_transform_and_load:13.1:*:*:*:*:*:*:*
oracle retail_extract_transform_and_load 13.2 - - cpe:2.3:a:oracle:retail_extract_transform_and_load:13.2:*:*:*:*:*:*:*
oracle retail_extract_transform_and_load 19.0 - - cpe:2.3:a:oracle:retail_extract_transform_and_load:19.0:*:*:*:*:*:*:*
oracle retail_integration_bus 14.0.0 - - cpe:2.3:a:oracle:retail_integration_bus:14.0.0:*:*:*:*:*:*:*
oracle retail_integration_bus 14.1.0 - - cpe:2.3:a:oracle:retail_integration_bus:14.1.0:*:*:*:*:*:*:*
oracle retail_integration_bus 15.0 - - cpe:2.3:a:oracle:retail_integration_bus:15.0:*:*:*:*:*:*:*
oracle retail_integration_bus 16.0 - - cpe:2.3:a:oracle:retail_integration_bus:16.0:*:*:*:*:*:*:*
oracle retail_open_commerce_platform 5.3.0 - - cpe:2.3:a:oracle:retail_open_commerce_platform:5.3.0:*:*:*:*:*:*:*
oracle retail_open_commerce_platform 6.0.0 - - cpe:2.3:a:oracle:retail_open_commerce_platform:6.0.0:*:*:*:*:*:*:*
oracle retail_open_commerce_platform 6.0.1 - - cpe:2.3:a:oracle:retail_open_commerce_platform:6.0.1:*:*:*:*:*:*:*
oracle retail_predictive_application_server 15.0.3 - - cpe:2.3:a:oracle:retail_predictive_application_server:15.0.3:*:*:*:*:*:*:*
oracle retail_service_backbone 14.1 - - cpe:2.3:a:oracle:retail_service_backbone:14.1:*:*:*:*:*:*:*
oracle retail_service_backbone 15.0 - - cpe:2.3:a:oracle:retail_service_backbone:15.0:*:*:*:*:*:*:*
oracle retail_service_backbone 16.0 - - cpe:2.3:a:oracle:retail_service_backbone:16.0:*:*:*:*:*:*:*
oracle siebel_ui_framework 18.7 - - cpe:2.3:a:oracle:siebel_ui_framework:18.7:*:*:*:*:*:*:*
oracle siebel_ui_framework 18.8 - - cpe:2.3:a:oracle:siebel_ui_framework:18.8:*:*:*:*:*:*:*
oracle siebel_ui_framework 18.9 - - cpe:2.3:a:oracle:siebel_ui_framework:18.9:*:*:*:*:*:*:*
oracle soa_suite 12.1.3.0.0 - - cpe:2.3:a:oracle:soa_suite:12.1.3.0.0:*:*:*:*:*:*:*
oracle soa_suite 12.2.1.3.0 - - cpe:2.3:a:oracle:soa_suite:12.2.1.3.0:*:*:*:*:*:*:*
oracle soa_suite 12.2.2.0.0 - - cpe:2.3:a:oracle:soa_suite:12.2.2.0.0:*:*:*:*:*:*:*
oracle tape_library_acsls 8.4 - - cpe:2.3:a:oracle:tape_library_acsls:8.4:*:*:*:*:*:*:*
oracle timesten_in-memory_database 11.2.2.8.49 - - cpe:2.3:a:oracle:timesten_in-memory_database:11.2.2.8.49:*:*:*:*:*:*:*
oracle utilities_advanced_spatial_and_operational_analytics 2.7.0.1 - - cpe:2.3:a:oracle:utilities_advanced_spatial_and_operational_analytics:2.7.0.1:*:*:*:*:*:*:*
oracle utilities_work_and_asset_management 1.9.1.2.12 - - cpe:2.3:a:oracle:utilities_work_and_asset_management:1.9.1.2.12:*:*:*:*:*:*:*
oracle weblogic_server 10.3.6.0.0 - - cpe:2.3:a:oracle:weblogic_server:10.3.6.0.0:*:*:*:*:*:*:*
oracle weblogic_server 12.1.3.0.0 - - cpe:2.3:a:oracle:weblogic_server:12.1.3.0.0:*:*:*:*:*:*:*
oracle weblogic_server 12.2.1.3.0 - - cpe:2.3:a:oracle:weblogic_server:12.2.1.3.0:*:*:*:*:*:*:*
oracle weblogic_server 12.2.1.4.0 - - cpe:2.3:a:oracle:weblogic_server:12.2.1.4.0:*:*:*:*:*:*:*
oracle weblogic_server 14.1.1.0.0 - - cpe:2.3:a:oracle:weblogic_server:14.1.1.0.0:*:*:*:*:*:*:*
解决方案
中文解决方案:
(暂无数据)
英文解决方案:
(暂无数据)
临时解决方案:
(暂无数据)
参考链接
RHSA-2017:2888 vendor-advisory
cve.org
访问
RHSA-2017:2809 vendor-advisory
cve.org
访问
97702 vdb-entry
cve.org
访问
1041294 vdb-entry
cve.org
访问
RHSA-2017:2810 vendor-advisory
cve.org
访问
RHSA-2017:1801 vendor-advisory
cve.org
访问
RHSA-2017:2889 vendor-advisory
cve.org
访问
RHSA-2017:2635 vendor-advisory
cve.org
访问
RHSA-2017:2638 vendor-advisory
cve.org
访问
RHSA-2017:1417 vendor-advisory
cve.org
访问
RHSA-2017:2423 vendor-advisory
cve.org
访问
RHSA-2017:2808 vendor-advisory
cve.org
访问
1040200 vdb-entry
cve.org
访问
RHSA-2017:2636 vendor-advisory
cve.org
访问
RHSA-2017:3399 vendor-advisory
cve.org
访问
RHSA-2017:2637 vendor-advisory
cve.org
访问
RHSA-2017:3244 vendor-advisory
cve.org
访问
RHSA-2017:3400 vendor-advisory
cve.org
访问
RHSA-2017:2633 vendor-advisory
cve.org
访问
RHSA-2017:2811 vendor-advisory
cve.org
访问
RHSA-2017:1802 vendor-advisory
cve.org
访问
RHSA-2019:1545 vendor-advisory
cve.org
访问
[druid-commits] 20191115 [GitHub] [incubator-druid] ccaominh opened a new pull request #8878: Address security vulnerabilities mailing-list
cve.org
访问
[logging-dev] 20191215 Re: Is there any chance that there will be a security fix for log4j-v1.2.17? mailing-list
cve.org
访问
[logging-dev] 20191218 [CVE-2019-17571] Apache Log4j 1.2 deserialization of untrusted data in SocketServer mailing-list
cve.org
访问
[oss-security] 20191218 [CVE-2019-17571] Apache Log4j 1.2 deserialization of untrusted data in SocketServer mailing-list
cve.org
访问
[announce] 20191218 [CVE-2019-17571] Apache Log4j 1.2 deserialization of untrusted data in SocketServer mailing-list
cve.org
访问
[logging-dev] 20191219 Re: [CVE-2019-17571] Apache Log4j 1.2 deserialization of untrusted data in SocketServer mailing-list
cve.org
访问
[activemq-issues] 20191226 [jira] [Created] (AMQ-7370) log4j 1.2 version used by AMQ 5.15.10 / 5.15.11 is vulnerable to CVE-2019-17571 mailing-list
cve.org
访问
[tika-dev] 20191226 [jira] [Created] (TIKA-3018) log4j 1.2 version used by Apache Tika 1.23 is vulnerable to CVE-2019-17571 mailing-list
cve.org
访问
[tika-dev] 20191226 [jira] [Commented] (TIKA-3018) log4j 1.2 version used by Apache Tika 1.23 is vulnerable to CVE-2019-17571 mailing-list
cve.org
访问
[tika-dev] 20191230 [jira] [Created] (TIKA-3019) [9.8] [CVE-2019-17571] [tika-app] [1.23] mailing-list
cve.org
访问
[activemq-issues] 20191230 [jira] [Created] (AMQ-7372) [9.8] [CVE-2019-17571] [activemq-all] [5.15.10] mailing-list
cve.org
访问
[tika-dev] 20200106 [jira] [Commented] (TIKA-3019) [9.8] [CVE-2019-17571] [tika-app] [1.23] mailing-list
cve.org
访问
[tika-dev] 20200107 [jira] [Commented] (TIKA-3019) [9.8] [CVE-2019-17571] [tika-app] [1.23] mailing-list
cve.org
访问
[tika-dev] 20200108 [jira] [Commented] (TIKA-3019) [9.8] [CVE-2019-17571] [tika-app] [1.23] mailing-list
cve.org
访问
[tika-dev] 20200110 [jira] [Commented] (TIKA-3019) [9.8] [CVE-2019-17571] [tika-app] [1.23] mailing-list
cve.org
访问
[tika-dev] 20200111 Re: [jira] [Commented] (TIKA-3018) log4j 1.2 version used by Apache Tika 1.23 is vulnerable to CVE-2019-17571 mailing-list
cve.org
访问
[tika-dev] 20200111 [jira] [Closed] (TIKA-3018) log4j 1.2 version used by Apache Tika 1.23 is vulnerable to CVE-2019-17571 mailing-list
cve.org
访问
[tika-dev] 20200111 [jira] [Resolved] (TIKA-3018) log4j 1.2 version used by Apache Tika 1.23 is vulnerable to CVE-2019-17571 mailing-list
cve.org
访问
[tika-dev] 20200114 [jira] [Commented] (TIKA-3019) [9.8] [CVE-2019-17571] [tika-app] [1.23] mailing-list
cve.org
访问
[tika-dev] 20200115 [jira] [Commented] (TIKA-3019) [9.8] [CVE-2019-17571] [tika-app] [1.23] mailing-list
cve.org
访问
[activemq-issues] 20200122 [jira] [Updated] (AMQ-7370) log4j 1.2 version used by AMQ 5.15.10 / 5.15.11 is vulnerable to CVE-2019-17571 mailing-list
cve.org
访问
[activemq-issues] 20200122 [jira] [Assigned] (AMQ-7372) [9.8] [CVE-2019-17571] [activemq-all] [5.15.10] mailing-list
cve.org
访问
[activemq-issues] 20200122 [jira] [Updated] (AMQ-7372) [9.8] [CVE-2019-17571] [activemq-all] [5.15.10] mailing-list
cve.org
访问
[activemq-issues] 20200122 [jira] [Assigned] (AMQ-7370) log4j 1.2 version used by AMQ 5.15.10 / 5.15.11 is vulnerable to CVE-2019-17571 mailing-list
cve.org
访问
[activemq-issues] 20200122 [jira] [Resolved] (AMQ-7372) [9.8] [CVE-2019-17571] [activemq-all] [5.15.10] mailing-list
cve.org
访问
[activemq-issues] 20200127 [jira] [Commented] (AMQ-7370) log4j 1.2 version used by AMQ 5.15.10 / 5.15.11 is vulnerable to CVE-2019-17571 mailing-list
cve.org
访问
[activemq-issues] 20200208 [jira] [Commented] (AMQ-7370) log4j 1.2 version used by AMQ 5.15.10 / 5.15.11 is vulnerable to CVE-2019-17571 mailing-list
cve.org
访问
[activemq-issues] 20200228 [jira] [Commented] (AMQ-7370) log4j 1.2 version used by AMQ 5.15.10 / 5.15.11 is vulnerable to CVE-2019-17571 mailing-list
cve.org
访问
[activemq-issues] 20200228 [jira] [Resolved] (AMQ-7370) log4j 1.2 version used by AMQ 5.15.10 / 5.15.11 is vulnerable to CVE-2019-17571 mailing-list
cve.org
访问
[activemq-issues] 20200228 [jira] [Updated] (AMQ-7370) log4j 1.2 version used by AMQ 5.15.10 / 5.15.11 is vulnerable to CVE-2019-17571 mailing-list
cve.org
访问
[logging-commits] 20200425 svn commit: r1059809 - /websites/production/logging/content/log4j/2.13.2/security.html mailing-list
cve.org
访问
无标题 x_refsource_MISC
cve.org
访问
无标题 x_refsource_CONFIRM
cve.org
访问
无标题 x_refsource_CONFIRM
cve.org
访问
无标题 x_refsource_CONFIRM
cve.org
访问
无标题 x_refsource_CONFIRM
cve.org
访问
无标题 x_refsource_MISC
cve.org
访问
无标题 x_refsource_CONFIRM
cve.org
访问
无标题 x_refsource_MISC
cve.org
访问
无标题 x_refsource_MISC
cve.org
访问
无标题 x_refsource_MISC
cve.org
访问
无标题 x_refsource_MISC
cve.org
访问
无标题 x_refsource_CONFIRM
cve.org
访问
无标题 x_refsource_CONFIRM
cve.org
访问
无标题 x_refsource_CONFIRM
cve.org
访问
[bookkeeper-issues] 20200729 [GitHub] [bookkeeper] padma81 opened a new issue #2387: Security vulnerabilities in the apache/bookkeeper-4.9.2 image mailing-list
cve.org
访问
[activemq-issues] 20200730 [jira] [Commented] (AMQ-7370) log4j 1.2 version used by AMQ 5.15.10 / 5.15.11 is vulnerable to CVE-2019-17571 mailing-list
cve.org
访问
[geode-issues] 20200831 [jira] [Created] (GEODE-8471) Dependency security issues in geode-core-1.12 mailing-list
cve.org
访问
无标题 x_refsource_MISC
cve.org
访问
无标题 x_refsource_MISC
cve.org
访问
[doris-commits] 20210402 [GitHub] [incubator-doris] zh0122 opened a new pull request #5594: [FE][Bug]Update log4j-web to fix a security issue mailing-list
cve.org
访问
[beam-issues] 20210528 [jira] [Created] (BEAM-12422) Vendored gRPC 1.36.0 is using a log4j version with security issues mailing-list
cve.org
访问
无标题 x_refsource_MISC
cve.org
访问
[beam-github] 20210701 [GitHub] [beam] lukecwik commented on pull request #15113: [BEAM-12422] Upgrade log4j version not affected by CVE-2017-5645 mailing-list
cve.org
访问
[beam-github] 20210701 [GitHub] [beam] lukecwik opened a new pull request #15113: [BEAM-12422] Upgrade log4j version not affected by CVE-2017-5645 mailing-list
cve.org
访问
[beam-github] 20210701 [GitHub] [beam] codecov[bot] commented on pull request #15113: [BEAM-12422] Upgrade log4j version not affected by CVE-2017-5645 mailing-list
cve.org
访问
[beam-github] 20210701 [GitHub] [beam] codecov[bot] edited a comment on pull request #15113: [BEAM-12422] Upgrade log4j version not affected by CVE-2017-5645 mailing-list
cve.org
访问
[beam-github] 20210701 [GitHub] [beam] suztomo commented on pull request #15113: [BEAM-12422] Upgrade log4j version not affected by CVE-2017-5645 mailing-list
cve.org
访问
无标题 x_refsource_MISC
cve.org
访问
无标题 x_refsource_MISC
cve.org
访问
CVSS评分详情
9.8
CRITICAL
CVSS向量: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CVSS版本: 3.1
机密性
HIGH
完整性
HIGH
可用性
HIGH
时间信息
发布时间:
2017-04-17 21:00:00
修改时间:
2024-08-05 15:11:47
创建时间:
2025-11-11 15:34:49
更新时间:
2025-11-11 15:53:00
利用信息
暂无可利用代码信息
数据源详情
数据源 记录ID 版本 提取时间
CVE cve_CVE-2017-5645 2025-11-11 15:19:29 2025-11-11 07:34:49
NVD nvd_CVE-2017-5645 2025-11-11 14:55:27 2025-11-11 07:43:26
CNNVD cnnvd_CNNVD-201704-852 2025-11-11 15:09:48 2025-11-11 07:53:00
版本与语言
当前版本: v3
主要语言: EN
支持语言:
EN ZH
安全公告
暂无安全公告信息
变更历史
v3 CNNVD
2025-11-11 15:53:00
vulnerability_type: 未提取 → 代码问题; cnnvd_id: 未提取 → CNNVD-201704-852; data_sources: ['cve', 'nvd'] → ['cnnvd', 'cve', 'nvd']
查看详细变更
  • vulnerability_type: 未提取 -> 代码问题
  • cnnvd_id: 未提取 -> CNNVD-201704-852
  • data_sources: ['cve', 'nvd'] -> ['cnnvd', 'cve', 'nvd']
v2 NVD
2025-11-11 15:43:26
severity: SeverityLevel.MEDIUM → SeverityLevel.CRITICAL; cvss_score: 未提取 → 9.8; cvss_vector: NOT_EXTRACTED → CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H; cvss_version: NOT_EXTRACTED → 3.1; affected_products_count: 1 → 171; data_sources: ['cve'] → ['cve', 'nvd']
查看详细变更
  • severity: SeverityLevel.MEDIUM -> SeverityLevel.CRITICAL
  • cvss_score: 未提取 -> 9.8
  • cvss_vector: NOT_EXTRACTED -> CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
  • cvss_version: NOT_EXTRACTED -> 3.1
  • affected_products_count: 1 -> 171
  • data_sources: ['cve'] -> ['cve', 'nvd']