The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a database and tools to fix them.

Vulnerability CVE-2017-5645

Apache log4j: code execution via Socket Server Deserialization

Synthesis of the vulnerability

An attacker can exploit a deserialization vulnerability in the Socket Server of Apache log4j in order to run code.
Vulnerable systems: log4j, Fedora, Junos Space, MariaDB ~ precise, MySQL Community, MySQL Enterprise, Oracle Communications, Oracle Directory Server, Oracle Directory Services Plus, Oracle Fusion Middleware, Oracle GlassFish Server, Oracle Identity Management, Oracle Internet Directory, Oracle iPlanet Web Server, Tuxedo, Oracle Virtual Directory, WebLogic, Oracle Web Tier, Percona Server, RHEL, JBoss EAP by Red Hat.
Severity of this threat: 3/4.
Consequences of an attack: privileged access/rights, user access/rights.
Attacker's origin: intranet client.
Creation date: 18/04/2017.
References of this weakness: cpuapr2018, cpuapr2019, cpujan2018, cpujan2019, cpujul2018, cpujul2019, cpuoct2018, CVE-2017-5645, ESA-2017-05, FEDORA-2017-2ccfbd650a, FEDORA-2017-511ebfa8a3, FEDORA-2017-7e0ff7f73a, FEDORA-2017-8348115acd, FEDORA-2017-b8358cda24, JSA10838, RHSA-2017:1801-01, RHSA-2017:1802-01, RHSA-2017:2423-01, RHSA-2017:2633-01, RHSA-2017:2635-01, RHSA-2017:2636-01, RHSA-2017:2637-01, RHSA-2017:2638-01, RHSA-2017:2808-01, RHSA-2017:2809-01, RHSA-2017:2810-01, RHSA-2017:2811-01, RHSA-2017:2888-01, RHSA-2017:2889-01, RHSA-2017:3244-01, RHSA-2017:3399-01, RHSA-2017:3400-01, VIGILANCE-VUL-22460.

Description of the vulnerability

An attacker can exploit a deserialization vulnerability in the Socket Server of Apache log4j in order to run code.

Computer vulnerability tracking service

Vigil@nce provides computer vulnerability alerts. Each administrator can customize the list of products for which they want to receive vulnerability alerts. The Vigil@nce vulnerability database contains several thousand vulnerabilities. The Vigil@nce security watch publishes vulnerability bulletins about threats impacting the information system.