vulnerability

Amazon Linux AMI 2: CVE-2017-5645: Security patch for log4j (ALAS-2022-1739)

Try Surface Command

Back to search

Severity	CVSS	Published	Added	Modified
8	(AV:N/AC:L/Au:N/C:P/I:P/A:P)	Apr 17, 2017	Aug 24, 2023	Nov 27, 2024

Severity

CVSS

(AV:N/AC:L/Au:N/C:P/I:P/A:P)

Published

Apr 17, 2017

Added

Aug 24, 2023

Modified

Nov 27, 2024

Description

In Apache Log4j 2.x before 2.8.2, when using the TCP socket server or UDP socket server to receive serialized log events from another application, a specially crafted binary payload can be sent that, when deserialized, can execute arbitrary code.

Solutions

amazon-linux-ami-2-upgrade-log4jamazon-linux-ami-2-upgrade-log4j-javadocamazon-linux-ami-2-upgrade-log4j-manual

References

AMAZON-AL2/ALAS-2022-1739
CVE-2017-5645
https://attackerkb.com/topics/CVE-2017-5645

NEW

Explore Exposure Command

Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.

Try it today