vulnerability
CentOS Linux: CVE-2017-5645: Important: log4j security update (CESA-2017:2423)
| Severity | CVSS | Published | Added | Modified |
|---|---|---|---|---|
| 8 | (AV:N/AC:L/Au:N/C:P/I:P/A:P) | 2017-04-17 | 2019-08-28 | 2023-05-25 |
Severity
8
CVSS
(AV:N/AC:L/Au:N/C:P/I:P/A:P)
Published
2017-04-17
Added
2019-08-28
Modified
2023-05-25
Description
In Apache Log4j 2.x before 2.8.2, when using the TCP socket server or UDP socket server to receive serialized log events from another application, a specially crafted binary payload can be sent that, when deserialized, can execute arbitrary code.
Solution(s)
centos-upgrade-log4jcentos-upgrade-log4j-javadoccentos-upgrade-log4j-manual
References
- BID-97702
- NVD-CVE-2017-5645
- REDHAT-RHSA-2017:1417
- REDHAT-RHSA-2017:1801
- REDHAT-RHSA-2017:1802
- REDHAT-RHSA-2017:2423
- REDHAT-RHSA-2017:2633
- REDHAT-RHSA-2017:2635
- REDHAT-RHSA-2017:2636
- REDHAT-RHSA-2017:2637
- REDHAT-RHSA-2017:2638
- REDHAT-RHSA-2017:2808
- REDHAT-RHSA-2017:2809
- REDHAT-RHSA-2017:2810
- REDHAT-RHSA-2017:2811
- REDHAT-RHSA-2017:2888
- REDHAT-RHSA-2017:2889
- REDHAT-RHSA-2017:3244
- REDHAT-RHSA-2017:3399
- REDHAT-RHSA-2017:3400
- REDHAT-RHSA-2019:1545
NEW
Explore Exposure Command
Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.