CVE-2017-5645 apache-log4j2

Metadata

high
7.5
apache-log4j2
CVE-2017-5645
2017-06-18 07:51
CVE-2017-5645
2017-06-16 19:22
2017-04-26 05:03
2017-04-20 05:03
2017-04-19 05:03
2017-04-18 19:03
2017-04-17 18:03

Description

In Apache Log4j 2.x before 2.8.2, when using the TCP socket server or UDP socket server to receive serialized log events from another application, a specially crafted binary payload can be sent that, when deserialized, can execute arbitrary code.

Am I vulnerable?

The constraints below list the versions that this vulnerability is patched in, and versions that are unaffected. If a patch is ready but unrealeased, then it is pending.

Or, you can just let us figure it out for you! Appcanary continously monitor your installed packages, and tell you if any of them are vulnerable.

Sign up for monitoring

Affected package information

Release Package Patched in
buster apache-log4j2 2.7-2
jessie apache-log4j2 None
sid apache-log4j2 2.7-2
stretch apache-log4j2 2.7-2