Apache Log4j CVE-2017-5645 Remote Code Execution Vulnerability

Apache Log4j is prone to remote code-execution vulnerability.

Successfully exploiting this issue allows attackers to execute arbitrary code in the context of the affected application. Failed exploits will result in denial-of-service conditions.

Apache Log4j 2.0-alpha1 through 2.8.1 are vulnerable.


Bugtraq ID: 97702
Class: Input Validation Error
CVE: CVE-2017-5645

Remote: Yes
Local: No
Published: Apr 17 2017 12:00AM
Updated: Apr 17 2017 09:07PM
Credit: Marcio Almeida de Macedo of Red Team at Telstra.
Vulnerable: Apache Log4j 2.8.1
Apache Log4j 2.0-alpha1

Not Vulnerable: Apache Log4j 2.8.2

Related Posts