Description
In Apache Log4j 2.x before 2.8.2, when using the TCP socket server or UDP socket server to receive serialized log events from another application, a specially crafted binary payload can be sent that, when deserialized, can execute arbitrary code.
Release | Status | Note |
---|---|---|
artful | ignored | end of life |
bionic | not-affected | 2.10.0-2 |
cosmic | not-affected | 2.10.0-2 |
devel | not-affected | 2.10.0-2 |
disco | not-affected | 2.10.0-2 |
eoan | not-affected | 2.10.0-2 |
esm-apps/bionic | not-affected | 2.10.0-2 |
esm-apps/focal | not-affected | 2.10.0-2 |
esm-apps/jammy | not-affected | 2.10.0-2 |
esm-apps/noble | not-affected | 2.10.0-2 |
EPSS
CVSS2: 7.5 High
CVSS3: 9.8 Critical