vulnerability
Oracle WebLogic: CVE-2017-5645 : Critical Patch Update
| Severity | CVSS | Published | Added | Modified |
|---|---|---|---|---|
| 8 | (AV:N/AC:L/Au:N/C:P/I:P/A:P) | 2017-04-17 | 2018-04-03 | 2020-05-27 |
Severity
8
CVSS
(AV:N/AC:L/Au:N/C:P/I:P/A:P)
Published
2017-04-17
Added
2018-04-03
Modified
2020-05-27
Description
In Apache Log4j 2.x before 2.8.2, when using the TCP socket server or UDP socket server to receive serialized log events from another application, a specially crafted binary payload can be sent that, when deserialized, can execute arbitrary code.
Solution(s)
oracle-weblogic-apr-2018-cpu-10_3_6_0_0oracle-weblogic-apr-2018-cpu-12_1_3_0_0oracle-weblogic-apr-2018-cpu-12_2_1_2_0oracle-weblogic-apr-2018-cpu-12_2_1_3_0
References
- BID-97702
- CVE-2017-5645
- https://attackerkb.com/topics/CVE-2017-5645
- REDHAT-RHSA-2017:1417
- REDHAT-RHSA-2017:1801
- REDHAT-RHSA-2017:1802
- REDHAT-RHSA-2017:2423
- REDHAT-RHSA-2017:2633
- REDHAT-RHSA-2017:2635
- REDHAT-RHSA-2017:2636
- REDHAT-RHSA-2017:2637
- REDHAT-RHSA-2017:2638
- REDHAT-RHSA-2017:2808
- REDHAT-RHSA-2017:2809
- REDHAT-RHSA-2017:2810
- REDHAT-RHSA-2017:2811
- REDHAT-RHSA-2017:2888
- REDHAT-RHSA-2017:2889
- REDHAT-RHSA-2017:3244
- REDHAT-RHSA-2017:3399
- REDHAT-RHSA-2017:3400
- REDHAT-RHSA-2019:1545
- URL-http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html
- URL-https://support.oracle.com/rs?type=doc&id=2353306.1
NEW
Explore Exposure Command
Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.