{"containers":{"cna":{"affected":[{"product":"Apache Log4j","vendor":"Apache Software Foundation","versions":[{"status":"affected","version":"All versions between 2.0-alpha1 and 2.8.1"}]}],"datePublic":"2017-04-02T00:00:00.000Z","descriptions":[{"lang":"en","value":"In Apache Log4j 2.x before 2.8.2, when using the TCP socket server or UDP socket server to receive serialized log events from another application, a specially crafted binary payload can be sent that, when deserialized, can execute arbitrary code."}],"problemTypes":[{"descriptions":[{"description":"Remote Code Execution.","lang":"en","type":"text"}]}],"providerMetadata":{"dateUpdated":"2022-02-07T14:40:00.000Z","orgId":"f0158376-9dc2-43b6-827c-5f631a4d8d09","shortName":"apache"},"references":[{"name":"RHSA-2017:2888","tags":["vendor-advisory","x_refsource_REDHAT"],"url":"https://access.redhat.com/errata/RHSA-2017:2888"},{"name":"RHSA-2017:2809","tags":["vendor-advisory","x_refsource_REDHAT"],"url":"https://access.redhat.com/errata/RHSA-2017:2809"},{"name":"97702","tags":["vdb-entry","x_refsource_BID"],"url":"http://www.securityfocus.com/bid/97702"},{"name":"1041294","tags":["vdb-entry","x_refsource_SECTRACK"],"url":"http://www.securitytracker.com/id/1041294"},{"name":"RHSA-2017:2810","tags":["vendor-advisory","x_refsource_REDHAT"],"url":"https://access.redhat.com/errata/RHSA-2017:2810"},{"name":"RHSA-2017:1801","tags":["vendor-advisory","x_refsource_REDHAT"],"url":"https://access.redhat.com/errata/RHSA-2017:1801"},{"name":"RHSA-2017:2889","tags":["vendor-advisory","x_refsource_REDHAT"],"url":"https://access.redhat.com/errata/RHSA-2017:2889"},{"name":"RHSA-2017:2635","tags":["vendor-advisory","x_refsource_REDHAT"],"url":"https://access.redhat.com/errata/RHSA-2017:2635"},{"name":"RHSA-2017:2638","tags":["vendor-advisory","x_refsource_REDHAT"],"url":"https://access.redhat.com/errata/RHSA-2017:2638"},{"name":"RHSA-2017:1417","tags":["vendor-advisory","x_refsource_REDHAT"],"url":"https://access.redhat.com/errata/RHSA-2017:1417"},{"name":"RHSA-2017:2423","tags":["vendor-advisory","x_refsource_REDHAT"],"url":"https://access.redhat.com/errata/RHSA-2017:2423"},{"name":"RHSA-2017:2808","tags":["vendor-advisory","x_refsource_REDHAT"],"url":"https://access.redhat.com/errata/RHSA-2017:2808"},{"name":"1040200","tags":["vdb-entry","x_refsource_SECTRACK"],"url":"http://www.securitytracker.com/id/1040200"},{"name":"RHSA-2017:2636","tags":["vendor-advisory","x_refsource_REDHAT"],"url":"https://access.redhat.com/errata/RHSA-2017:2636"},{"name":"RHSA-2017:3399","tags":["vendor-advisory","x_refsource_REDHAT"],"url":"https://access.redhat.com/errata/RHSA-2017:3399"},{"name":"RHSA-2017:2637","tags":["vendor-advisory","x_refsource_REDHAT"],"url":"https://access.redhat.com/errata/RHSA-2017:2637"},{"name":"RHSA-2017:3244","tags":["vendor-advisory","x_refsource_REDHAT"],"url":"https://access.redhat.com/errata/RHSA-2017:3244"},{"name":"RHSA-2017:3400","tags":["vendor-advisory","x_refsource_REDHAT"],"url":"https://access.redhat.com/errata/RHSA-2017:3400"},{"name":"RHSA-2017:2633","tags":["vendor-advisory","x_refsource_REDHAT"],"url":"https://access.redhat.com/errata/RHSA-2017:2633"},{"name":"RHSA-2017:2811","tags":["vendor-advisory","x_refsource_REDHAT"],"url":"https://access.redhat.com/errata/RHSA-2017:2811"},{"name":"RHSA-2017:1802","tags":["vendor-advisory","x_refsource_REDHAT"],"url":"https://access.redhat.com/errata/RHSA-2017:1802"},{"name":"RHSA-2019:1545","tags":["vendor-advisory","x_refsource_REDHAT"],"url":"https://access.redhat.com/errata/RHSA-2019:1545"},{"name":"[druid-commits] 20191115 [GitHub] [incubator-druid] ccaominh opened a new pull request #8878: Address security vulnerabilities","tags":["mailing-list","x_refsource_MLIST"],"url":"https://lists.apache.org/thread.html/9317fd092b257a0815434b116a8af8daea6e920b6673f4fd5583d5fe%40%3Ccommits.druid.apache.org%3E"},{"name":"[logging-dev] 20191215 Re: Is there any chance that there will be a security fix for log4j-v1.2.17?","tags":["mailing-list","x_refsource_MLIST"],"url":"https://lists.apache.org/thread.html/e8fb7d76a244ee997ba4b217d6171227f7c2521af8c7c5b16cba27bc%40%3Cdev.logging.apache.org%3E"},{"name":"[logging-dev] 20191218 [CVE-2019-17571] Apache Log4j 1.2 deserialization of untrusted data in SocketServer","tags":["mailing-list","x_refsource_MLIST"],"url":"https://lists.apache.org/thread.html/eea03d504b36e8f870e8321d908e1def1addda16adda04327fe7c125%40%3Cdev.logging.apache.org%3E"},{"name":"[oss-security] 20191218 [CVE-2019-17571] Apache Log4j 1.2 deserialization of untrusted data in SocketServer","tags":["mailing-list","x_refsource_MLIST"],"url":"http://www.openwall.com/lists/oss-security/2019/12/19/2"},{"name":"[announce] 20191218 [CVE-2019-17571] Apache Log4j 1.2 deserialization of untrusted data in SocketServer","tags":["mailing-list","x_refsource_MLIST"],"url":"https://lists.apache.org/thread.html/84cc4266238e057b95eb95dfd8b29d46a2592e7672c12c92f68b2917%40%3Cannounce.apache.org%3E"},{"name":"[logging-dev] 20191219 Re: [CVE-2019-17571] Apache Log4j 1.2 deserialization of untrusted data in SocketServer","tags":["mailing-list","x_refsource_MLIST"],"url":"https://lists.apache.org/thread.html/0dcca05274d20ef2d72584edcf8c917bbb13dbbd7eb35cae909d02e9%40%3Cdev.logging.apache.org%3E"},{"name":"[activemq-issues] 20191226 [jira] [Created] (AMQ-7370) log4j 1.2 version used by AMQ 5.15.10 / 5.15.11 is vulnerable to CVE-2019-17571","tags":["mailing-list","x_refsource_MLIST"],"url":"https://lists.apache.org/thread.html/8ab32b4c9f1826f20add7c40be08909de9f58a89dc1de9c09953f5ac%40%3Cissues.activemq.apache.org%3E"},{"name":"[tika-dev] 20191226 [jira] [Created] (TIKA-3018) log4j 1.2 version used by Apache Tika 1.23 is vulnerable to CVE-2019-17571","tags":["mailing-list","x_refsource_MLIST"],"url":"https://lists.apache.org/thread.html/44491fb9cc19acc901f7cff34acb7376619f15638439416e3e14761c%40%3Cdev.tika.apache.org%3E"},{"name":"[tika-dev] 20191226 [jira] [Commented] (TIKA-3018) log4j 1.2 version used by Apache Tika 1.23 is vulnerable to CVE-2019-17571","tags":["mailing-list","x_refsource_MLIST"],"url":"https://lists.apache.org/thread.html/277b4b5c2b0e06a825ccec565fa65bd671f35a4d58e3e2ec5d0618e1%40%3Cdev.tika.apache.org%3E"},{"name":"[tika-dev] 20191230 [jira] [Created] (TIKA-3019) [9.8] [CVE-2019-17571] [tika-app] [1.23]","tags":["mailing-list","x_refsource_MLIST"],"url":"https://lists.apache.org/thread.html/479471e6debd608c837b9815b76eab24676657d4444fcfd5ef96d6e6%40%3Cdev.tika.apache.org%3E"},{"name":"[activemq-issues] 20191230 [jira] [Created] (AMQ-7372) [9.8] [CVE-2019-17571] [activemq-all] [5.15.10]","tags":["mailing-list","x_refsource_MLIST"],"url":"https://lists.apache.org/thread.html/6114ce566200d76e3cc45c521a62c2c5a4eac15738248f58a99f622c%40%3Cissues.activemq.apache.org%3E"},{"name":"[tika-dev] 20200106 [jira] [Commented] (TIKA-3019) [9.8] [CVE-2019-17571] [tika-app] [1.23]","tags":["mailing-list","x_refsource_MLIST"],"url":"https://lists.apache.org/thread.html/rf2567488cfc9212b42e34c6393cfa1c14e30e4838b98dda84d71041f%40%3Cdev.tika.apache.org%3E"},{"name":"[tika-dev] 20200107 [jira] [Commented] (TIKA-3019) [9.8] [CVE-2019-17571] [tika-app] [1.23]","tags":["mailing-list","x_refsource_MLIST"],"url":"https://lists.apache.org/thread.html/r3a85514a518f3080ab1fc2652cfe122c2ccf67cfb32356acb1b08fe8%40%3Cdev.tika.apache.org%3E"},{"name":"[tika-dev] 20200108 [jira] [Commented] (TIKA-3019) [9.8] [CVE-2019-17571] [tika-app] [1.23]","tags":["mailing-list","x_refsource_MLIST"],"url":"https://lists.apache.org/thread.html/rc1eaed7f7d774d5d02f66e49baced31e04827a1293d61a70bd003ca7%40%3Cdev.tika.apache.org%3E"},{"name":"[tika-dev] 20200110 [jira] [Commented] (TIKA-3019) [9.8] [CVE-2019-17571] [tika-app] [1.23]","tags":["mailing-list","x_refsource_MLIST"],"url":"https://lists.apache.org/thread.html/r681b4432d0605f327b68b9f8a42662993e699d04614de4851c35ffd1%40%3Cdev.tika.apache.org%3E"},{"name":"[tika-dev] 20200111 Re: [jira] [Commented] (TIKA-3018) log4j 1.2 version used by Apache Tika 1.23 is vulnerable to CVE-2019-17571","tags":["mailing-list","x_refsource_MLIST"],"url":"https://lists.apache.org/thread.html/ra38785cfc0e7f17f8e24bebf775dd032c033fadcaea29e5bc9fffc60%40%3Cdev.tika.apache.org%3E"},{"name":"[tika-dev] 20200111 [jira] [Closed] (TIKA-3018) log4j 1.2 version used by Apache Tika 1.23 is vulnerable to CVE-2019-17571","tags":["mailing-list","x_refsource_MLIST"],"url":"https://lists.apache.org/thread.html/r746fbc3fc13aee292ae6851f7a5080f592fa3a67b983c6887cdb1fc5%40%3Cdev.tika.apache.org%3E"},{"name":"[tika-dev] 20200111 [jira] [Resolved] (TIKA-3018) log4j 1.2 version used by Apache Tika 1.23 is vulnerable to CVE-2019-17571","tags":["mailing-list","x_refsource_MLIST"],"url":"https://lists.apache.org/thread.html/rdec0d8ac1f03e6905b0de2df1d5fcdb98b94556e4f6cccf7519fdb26%40%3Cdev.tika.apache.org%3E"},{"name":"[tika-dev] 20200114 [jira] [Commented] (TIKA-3019) [9.8] [CVE-2019-17571] [tika-app] [1.23]","tags":["mailing-list","x_refsource_MLIST"],"url":"https://lists.apache.org/thread.html/rca24a281000fb681d7e26e5c031a21eb4b0593a7735f781b53dae4e2%40%3Cdev.tika.apache.org%3E"},{"name":"[tika-dev] 20200115 [jira] [Commented] (TIKA-3019) [9.8] [CVE-2019-17571] [tika-app] [1.23]","tags":["mailing-list","x_refsource_MLIST"],"url":"https://lists.apache.org/thread.html/r4b25538be50126194cc646836c718b1a4d8f71bd9c912af5b59134ad%40%3Cdev.tika.apache.org%3E"},{"name":"[activemq-issues] 20200122 [jira] [Updated] (AMQ-7370) log4j 1.2 version used by AMQ 5.15.10 / 5.15.11 is vulnerable to CVE-2019-17571","tags":["mailing-list","x_refsource_MLIST"],"url":"https://lists.apache.org/thread.html/rd5dbeee4808c0f2b9b51479b50de3cc6adb1072c332a200d9107f13e%40%3Cissues.activemq.apache.org%3E"},{"name":"[activemq-issues] 20200122 [jira] [Assigned] (AMQ-7372) [9.8] [CVE-2019-17571] [activemq-all] [5.15.10]","tags":["mailing-list","x_refsource_MLIST"],"url":"https://lists.apache.org/thread.html/r7bcdc710857725c311b856c0b82cee6207178af5dcde1bd43d289826%40%3Cissues.activemq.apache.org%3E"},{"name":"[activemq-issues] 20200122 [jira] [Updated] (AMQ-7372) [9.8] [CVE-2019-17571] [activemq-all] [5.15.10]","tags":["mailing-list","x_refsource_MLIST"],"url":"https://lists.apache.org/thread.html/raedd12dc24412b3780432bf202a2618a21a727788543e5337a458ead%40%3Cissues.activemq.apache.org%3E"},{"name":"[activemq-issues] 20200122 [jira] [Assigned] (AMQ-7370) log4j 1.2 version used by AMQ 5.15.10 / 5.15.11 is vulnerable to CVE-2019-17571","tags":["mailing-list","x_refsource_MLIST"],"url":"https://lists.apache.org/thread.html/r2ff63f210842a3c5e42f03a35d8f3a345134d073c80a04077341c211%40%3Cissues.activemq.apache.org%3E"},{"name":"[activemq-issues] 20200122 [jira] [Resolved] (AMQ-7372) [9.8] [CVE-2019-17571] [activemq-all] [5.15.10]","tags":["mailing-list","x_refsource_MLIST"],"url":"https://lists.apache.org/thread.html/r3d666e4e8905157f3c046d31398b04f2bfd4519e31f266de108c6919%40%3Cissues.activemq.apache.org%3E"},{"name":"[activemq-issues] 20200127 [jira] [Commented] (AMQ-7370) log4j 1.2 version used by AMQ 5.15.10 / 5.15.11 is vulnerable to CVE-2019-17571","tags":["mailing-list","x_refsource_MLIST"],"url":"https://lists.apache.org/thread.html/r61590890edcc64140e0c606954b29a063c3d08a2b41d447256d51a78%40%3Cissues.activemq.apache.org%3E"},{"name":"[activemq-issues] 20200208 [jira] [Commented] (AMQ-7370) log4j 1.2 version used by AMQ 5.15.10 / 5.15.11 is vulnerable to CVE-2019-17571","tags":["mailing-list","x_refsource_MLIST"],"url":"https://lists.apache.org/thread.html/r2ce8d26154bea939536e6cf27ed02d3192bf5c5d04df885a80fe89b3%40%3Cissues.activemq.apache.org%3E"},{"name":"[activemq-issues] 20200228 [jira] [Commented] (AMQ-7370) log4j 1.2 version used by AMQ 5.15.10 / 5.15.11 is vulnerable to CVE-2019-17571","tags":["mailing-list","x_refsource_MLIST"],"url":"https://lists.apache.org/thread.html/re8c21ed9dd218c217d242ffa90778428e446b082b5e1c29f567e8374%40%3Cissues.activemq.apache.org%3E"},{"name":"[activemq-issues] 20200228 [jira] [Resolved] (AMQ-7370) log4j 1.2 version used by AMQ 5.15.10 / 5.15.11 is vulnerable to CVE-2019-17571","tags":["mailing-list","x_refsource_MLIST"],"url":"https://lists.apache.org/thread.html/rb1b29aee737e1c37fe1d48528cb0febac4f5deed51f5412e6fdfe2bf%40%3Cissues.activemq.apache.org%3E"},{"name":"[activemq-issues] 20200228 [jira] [Updated] (AMQ-7370) log4j 1.2 version used by AMQ 5.15.10 / 5.15.11 is vulnerable to CVE-2019-17571","tags":["mailing-list","x_refsource_MLIST"],"url":"https://lists.apache.org/thread.html/r18f1c010b554a3a2d761e8ffffd8674fd4747bcbcf16c643d708318c%40%3Cissues.activemq.apache.org%3E"},{"name":"[logging-commits] 20200425 svn commit: r1059809 - /websites/production/logging/content/log4j/2.13.2/security.html","tags":["mailing-list","x_refsource_MLIST"],"url":"https://lists.apache.org/thread.html/ra9a682bc0a8dff1c5cefdef31c7c25f096d9121207cf2d74e2fc563d%40%3Ccommits.logging.apache.org%3E"},{"tags":["x_refsource_MISC"],"url":"https://www.oracle.com/security-alerts/cpuapr2020.html"},{"tags":["x_refsource_CONFIRM"],"url":"http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html"},{"tags":["x_refsource_CONFIRM"],"url":"http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html"},{"tags":["x_refsource_CONFIRM"],"url":"http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html"},{"tags":["x_refsource_CONFIRM"],"url":"http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html"},{"tags":["x_refsource_MISC"],"url":"https://www.oracle.com/security-alerts/cpujul2020.html"},{"tags":["x_refsource_CONFIRM"],"url":"https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html"},{"tags":["x_refsource_MISC"],"url":"https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html"},{"tags":["x_refsource_MISC"],"url":"https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html"},{"tags":["x_refsource_MISC"],"url":"https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html"},{"tags":["x_refsource_MISC"],"url":"https://www.oracle.com/security-alerts/cpujan2020.html"},{"tags":["x_refsource_CONFIRM"],"url":"https://security.netapp.com/advisory/ntap-20181107-0002/"},{"tags":["x_refsource_CONFIRM"],"url":"https://security.netapp.com/advisory/ntap-20180726-0002/"},{"tags":["x_refsource_CONFIRM"],"url":"https://issues.apache.org/jira/browse/LOG4J2-1863"},{"name":"[bookkeeper-issues] 20200729 [GitHub] [bookkeeper] padma81 opened a new issue #2387: Security vulnerabilities in the apache/bookkeeper-4.9.2 image","tags":["mailing-list","x_refsource_MLIST"],"url":"https://lists.apache.org/thread.html/r1b103833cb5bc8466e24ff0ecc5e75b45a705334ab6a444e64e840a0%40%3Cissues.bookkeeper.apache.org%3E"},{"name":"[activemq-issues] 20200730 [jira] [Commented] (AMQ-7370) log4j 1.2 version used by AMQ 5.15.10 / 5.15.11 is vulnerable to CVE-2019-17571","tags":["mailing-list","x_refsource_MLIST"],"url":"https://lists.apache.org/thread.html/r3784834e80df2f284577a5596340fb84346c91a2dea6a073e65e3397%40%3Cissues.activemq.apache.org%3E"},{"name":"[geode-issues] 20200831 [jira] [Created] (GEODE-8471) Dependency security issues in geode-core-1.12","tags":["mailing-list","x_refsource_MLIST"],"url":"https://lists.apache.org/thread.html/rf1bbc0ea4a9f014cf94df9a12a6477d24a27f52741dbc87f2fd52ff2%40%3Cissues.geode.apache.org%3E"},{"tags":["x_refsource_MISC"],"url":"https://www.oracle.com/security-alerts/cpuoct2020.html"},{"tags":["x_refsource_MISC"],"url":"https://www.oracle.com/security-alerts/cpujan2021.html"},{"name":"[doris-commits] 20210402 [GitHub] [incubator-doris] zh0122 opened a new pull request #5594: [FE][Bug]Update log4j-web to fix a security issue","tags":["mailing-list","x_refsource_MLIST"],"url":"https://lists.apache.org/thread.html/rcbb79023a7c8494cb389cd3d95420fa9e0d531ece0b780b8c1f99422%40%3Ccommits.doris.apache.org%3E"},{"name":"[beam-issues] 20210528 [jira] [Created] (BEAM-12422) Vendored gRPC 1.36.0 is using a log4j version with security issues","tags":["mailing-list","x_refsource_MLIST"],"url":"https://lists.apache.org/thread.html/r0831e2e52a390758ce39a6193f82c11c295175adce6e6307de28c287%40%3Cissues.beam.apache.org%3E"},{"tags":["x_refsource_MISC"],"url":"https://www.oracle.com/security-alerts/cpuApr2021.html"},{"name":"[beam-github] 20210701 [GitHub] [beam] lukecwik commented on pull request #15113: [BEAM-12422] Upgrade log4j version not affected by CVE-2017-5645","tags":["mailing-list","x_refsource_MLIST"],"url":"https://lists.apache.org/thread.html/rbfa7a0742be4981a3f9356a23d0e1a5f2e1eabde32a1a3d8e41420f8%40%3Cgithub.beam.apache.org%3E"},{"name":"[beam-github] 20210701 [GitHub] [beam] lukecwik opened a new pull request #15113: [BEAM-12422] Upgrade log4j version not affected by CVE-2017-5645","tags":["mailing-list","x_refsource_MLIST"],"url":"https://lists.apache.org/thread.html/r23369fd603eb6d62d3b883a0a28d12052dcbd1d6d531137124cd7f83%40%3Cgithub.beam.apache.org%3E"},{"name":"[beam-github] 20210701 [GitHub] [beam] codecov[bot] commented on pull request #15113: [BEAM-12422] Upgrade log4j version not affected by CVE-2017-5645","tags":["mailing-list","x_refsource_MLIST"],"url":"https://lists.apache.org/thread.html/r9d5c1b558a15d374bd5abd2d3ae3ca7e50e796a0efdcf91e9c5b4cdd%40%3Cgithub.beam.apache.org%3E"},{"name":"[beam-github] 20210701 [GitHub] [beam] codecov[bot] edited a comment on pull request #15113: [BEAM-12422] Upgrade log4j version not affected by CVE-2017-5645","tags":["mailing-list","x_refsource_MLIST"],"url":"https://lists.apache.org/thread.html/r94b5aae09c4bcff5d06cf641be17b00bd83ba7e10cad737bf16a1b8f%40%3Cgithub.beam.apache.org%3E"},{"name":"[beam-github] 20210701 [GitHub] [beam] suztomo commented on pull request #15113: [BEAM-12422] Upgrade log4j version not affected by CVE-2017-5645","tags":["mailing-list","x_refsource_MLIST"],"url":"https://lists.apache.org/thread.html/rdbd579dc223f06af826d7de340218ee2f80d8b43fa7e4decb2a63f44%40%3Cgithub.beam.apache.org%3E"},{"tags":["x_refsource_MISC"],"url":"https://www.oracle.com/security-alerts/cpuoct2021.html"},{"tags":["x_refsource_MISC"],"url":"https://www.oracle.com/security-alerts/cpujan2022.html"}],"x_legacyV4Record":{"CVE_data_meta":{"ASSIGNER":"security@apache.org","ID":"CVE-2017-5645","STATE":"PUBLIC"},"affects":{"vendor":{"vendor_data":[{"product":{"product_data":[{"product_name":"Apache Log4j","version":{"version_data":[{"version_value":"All versions between 2.0-alpha1 and 2.8.1"}]}}]},"vendor_name":"Apache Software Foundation"}]}},"data_format":"MITRE","data_type":"CVE","data_version":"4.0","description":{"description_data":[{"lang":"eng","value":"In Apache Log4j 2.x before 2.8.2, when using the TCP socket server or UDP socket server to receive serialized log events from another application, a specially crafted binary payload can be sent that, when deserialized, can execute arbitrary code."}]},"problemtype":{"problemtype_data":[{"description":[{"lang":"eng","value":"Remote Code Execution."}]}]},"references":{"reference_data":[{"name":"RHSA-2017:2888","refsource":"REDHAT","url":"https://access.redhat.com/errata/RHSA-2017:2888"},{"name":"RHSA-2017:2809","refsource":"REDHAT","url":"https://access.redhat.com/errata/RHSA-2017:2809"},{"name":"97702","refsource":"BID","url":"http://www.securityfocus.com/bid/97702"},{"name":"1041294","refsource":"SECTRACK","url":"http://www.securitytracker.com/id/1041294"},{"name":"RHSA-2017:2810","refsource":"REDHAT","url":"https://access.redhat.com/errata/RHSA-2017:2810"},{"name":"RHSA-2017:1801","refsource":"REDHAT","url":"https://access.redhat.com/errata/RHSA-2017:1801"},{"name":"RHSA-2017:2889","refsource":"REDHAT","url":"https://access.redhat.com/errata/RHSA-2017:2889"},{"name":"RHSA-2017:2635","refsource":"REDHAT","url":"https://access.redhat.com/errata/RHSA-2017:2635"},{"name":"RHSA-2017:2638","refsource":"REDHAT","url":"https://access.redhat.com/errata/RHSA-2017:2638"},{"name":"RHSA-2017:1417","refsource":"REDHAT","url":"https://access.redhat.com/errata/RHSA-2017:1417"},{"name":"RHSA-2017:2423","refsource":"REDHAT","url":"https://access.redhat.com/errata/RHSA-2017:2423"},{"name":"RHSA-2017:2808","refsource":"REDHAT","url":"https://access.redhat.com/errata/RHSA-2017:2808"},{"name":"1040200","refsource":"SECTRACK","url":"http://www.securitytracker.com/id/1040200"},{"name":"RHSA-2017:2636","refsource":"REDHAT","url":"https://access.redhat.com/errata/RHSA-2017:2636"},{"name":"RHSA-2017:3399","refsource":"REDHAT","url":"https://access.redhat.com/errata/RHSA-2017:3399"},{"name":"RHSA-2017:2637","refsource":"REDHAT","url":"https://access.redhat.com/errata/RHSA-2017:2637"},{"name":"RHSA-2017:3244","refsource":"REDHAT","url":"https://access.redhat.com/errata/RHSA-2017:3244"},{"name":"RHSA-2017:3400","refsource":"REDHAT","url":"https://access.redhat.com/errata/RHSA-2017:3400"},{"name":"RHSA-2017:2633","refsource":"REDHAT","url":"https://access.redhat.com/errata/RHSA-2017:2633"},{"name":"RHSA-2017:2811","refsource":"REDHAT","url":"https://access.redhat.com/errata/RHSA-2017:2811"},{"name":"RHSA-2017:1802","refsource":"REDHAT","url":"https://access.redhat.com/errata/RHSA-2017:1802"},{"name":"RHSA-2019:1545","refsource":"REDHAT","url":"https://access.redhat.com/errata/RHSA-2019:1545"},{"name":"[druid-commits] 20191115 [GitHub] [incubator-druid] ccaominh opened a new pull request #8878: Address security vulnerabilities","refsource":"MLIST","url":"https://lists.apache.org/thread.html/9317fd092b257a0815434b116a8af8daea6e920b6673f4fd5583d5fe@%3Ccommits.druid.apache.org%3E"},{"name":"[logging-dev] 20191215 Re: Is there any chance that there will be a security fix for log4j-v1.2.17?","refsource":"MLIST","url":"https://lists.apache.org/thread.html/e8fb7d76a244ee997ba4b217d6171227f7c2521af8c7c5b16cba27bc@%3Cdev.logging.apache.org%3E"},{"name":"[logging-dev] 20191218 [CVE-2019-17571] Apache Log4j 1.2 deserialization of untrusted data in SocketServer","refsource":"MLIST","url":"https://lists.apache.org/thread.html/eea03d504b36e8f870e8321d908e1def1addda16adda04327fe7c125@%3Cdev.logging.apache.org%3E"},{"name":"[oss-security] 20191218 [CVE-2019-17571] Apache Log4j 1.2 deserialization of untrusted data in SocketServer","refsource":"MLIST","url":"http://www.openwall.com/lists/oss-security/2019/12/19/2"},{"name":"[announce] 20191218 [CVE-2019-17571] Apache Log4j 1.2 deserialization of untrusted data in SocketServer","refsource":"MLIST","url":"https://lists.apache.org/thread.html/84cc4266238e057b95eb95dfd8b29d46a2592e7672c12c92f68b2917@%3Cannounce.apache.org%3E"},{"name":"[logging-dev] 20191219 Re: [CVE-2019-17571] Apache Log4j 1.2 deserialization of untrusted data in SocketServer","refsource":"MLIST","url":"https://lists.apache.org/thread.html/0dcca05274d20ef2d72584edcf8c917bbb13dbbd7eb35cae909d02e9@%3Cdev.logging.apache.org%3E"},{"name":"[activemq-issues] 20191226 [jira] [Created] (AMQ-7370) log4j 1.2 version used by AMQ 5.15.10 / 5.15.11 is vulnerable to CVE-2019-17571","refsource":"MLIST","url":"https://lists.apache.org/thread.html/8ab32b4c9f1826f20add7c40be08909de9f58a89dc1de9c09953f5ac@%3Cissues.activemq.apache.org%3E"},{"name":"[tika-dev] 20191226 [jira] [Created] (TIKA-3018) log4j 1.2 version used by Apache Tika 1.23 is vulnerable to CVE-2019-17571","refsource":"MLIST","url":"https://lists.apache.org/thread.html/44491fb9cc19acc901f7cff34acb7376619f15638439416e3e14761c@%3Cdev.tika.apache.org%3E"},{"name":"[tika-dev] 20191226 [jira] [Commented] (TIKA-3018) log4j 1.2 version used by Apache Tika 1.23 is vulnerable to CVE-2019-17571","refsource":"MLIST","url":"https://lists.apache.org/thread.html/277b4b5c2b0e06a825ccec565fa65bd671f35a4d58e3e2ec5d0618e1@%3Cdev.tika.apache.org%3E"},{"name":"[tika-dev] 20191230 [jira] [Created] (TIKA-3019) [9.8] [CVE-2019-17571] [tika-app] [1.23]","refsource":"MLIST","url":"https://lists.apache.org/thread.html/479471e6debd608c837b9815b76eab24676657d4444fcfd5ef96d6e6@%3Cdev.tika.apache.org%3E"},{"name":"[activemq-issues] 20191230 [jira] [Created] (AMQ-7372) [9.8] [CVE-2019-17571] [activemq-all] [5.15.10]","refsource":"MLIST","url":"https://lists.apache.org/thread.html/6114ce566200d76e3cc45c521a62c2c5a4eac15738248f58a99f622c@%3Cissues.activemq.apache.org%3E"},{"name":"[tika-dev] 20200106 [jira] [Commented] (TIKA-3019) [9.8] [CVE-2019-17571] [tika-app] [1.23]","refsource":"MLIST","url":"https://lists.apache.org/thread.html/rf2567488cfc9212b42e34c6393cfa1c14e30e4838b98dda84d71041f@%3Cdev.tika.apache.org%3E"},{"name":"[tika-dev] 20200107 [jira] [Commented] (TIKA-3019) [9.8] [CVE-2019-17571] [tika-app] [1.23]","refsource":"MLIST","url":"https://lists.apache.org/thread.html/r3a85514a518f3080ab1fc2652cfe122c2ccf67cfb32356acb1b08fe8@%3Cdev.tika.apache.org%3E"},{"name":"[tika-dev] 20200108 [jira] [Commented] (TIKA-3019) [9.8] [CVE-2019-17571] [tika-app] [1.23]","refsource":"MLIST","url":"https://lists.apache.org/thread.html/rc1eaed7f7d774d5d02f66e49baced31e04827a1293d61a70bd003ca7@%3Cdev.tika.apache.org%3E"},{"name":"[tika-dev] 20200110 [jira] [Commented] (TIKA-3019) [9.8] [CVE-2019-17571] [tika-app] [1.23]","refsource":"MLIST","url":"https://lists.apache.org/thread.html/r681b4432d0605f327b68b9f8a42662993e699d04614de4851c35ffd1@%3Cdev.tika.apache.org%3E"},{"name":"[tika-dev] 20200111 Re: [jira] [Commented] (TIKA-3018) log4j 1.2 version used by Apache Tika 1.23 is vulnerable to CVE-2019-17571","refsource":"MLIST","url":"https://lists.apache.org/thread.html/ra38785cfc0e7f17f8e24bebf775dd032c033fadcaea29e5bc9fffc60@%3Cdev.tika.apache.org%3E"},{"name":"[tika-dev] 20200111 [jira] [Closed] (TIKA-3018) log4j 1.2 version used by Apache Tika 1.23 is vulnerable to CVE-2019-17571","refsource":"MLIST","url":"https://lists.apache.org/thread.html/r746fbc3fc13aee292ae6851f7a5080f592fa3a67b983c6887cdb1fc5@%3Cdev.tika.apache.org%3E"},{"name":"[tika-dev] 20200111 [jira] [Resolved] (TIKA-3018) log4j 1.2 version used by Apache Tika 1.23 is vulnerable to CVE-2019-17571","refsource":"MLIST","url":"https://lists.apache.org/thread.html/rdec0d8ac1f03e6905b0de2df1d5fcdb98b94556e4f6cccf7519fdb26@%3Cdev.tika.apache.org%3E"},{"name":"[tika-dev] 20200114 [jira] [Commented] (TIKA-3019) [9.8] [CVE-2019-17571] [tika-app] [1.23]","refsource":"MLIST","url":"https://lists.apache.org/thread.html/rca24a281000fb681d7e26e5c031a21eb4b0593a7735f781b53dae4e2@%3Cdev.tika.apache.org%3E"},{"name":"[tika-dev] 20200115 [jira] [Commented] (TIKA-3019) [9.8] [CVE-2019-17571] [tika-app] [1.23]","refsource":"MLIST","url":"https://lists.apache.org/thread.html/r4b25538be50126194cc646836c718b1a4d8f71bd9c912af5b59134ad@%3Cdev.tika.apache.org%3E"},{"name":"[activemq-issues] 20200122 [jira] [Updated] (AMQ-7370) log4j 1.2 version used by AMQ 5.15.10 / 5.15.11 is vulnerable to CVE-2019-17571","refsource":"MLIST","url":"https://lists.apache.org/thread.html/rd5dbeee4808c0f2b9b51479b50de3cc6adb1072c332a200d9107f13e@%3Cissues.activemq.apache.org%3E"},{"name":"[activemq-issues] 20200122 [jira] [Assigned] (AMQ-7372) [9.8] [CVE-2019-17571] [activemq-all] [5.15.10]","refsource":"MLIST","url":"https://lists.apache.org/thread.html/r7bcdc710857725c311b856c0b82cee6207178af5dcde1bd43d289826@%3Cissues.activemq.apache.org%3E"},{"name":"[activemq-issues] 20200122 [jira] [Updated] (AMQ-7372) [9.8] [CVE-2019-17571] [activemq-all] [5.15.10]","refsource":"MLIST","url":"https://lists.apache.org/thread.html/raedd12dc24412b3780432bf202a2618a21a727788543e5337a458ead@%3Cissues.activemq.apache.org%3E"},{"name":"[activemq-issues] 20200122 [jira] [Assigned] (AMQ-7370) log4j 1.2 version used by AMQ 5.15.10 / 5.15.11 is vulnerable to CVE-2019-17571","refsource":"MLIST","url":"https://lists.apache.org/thread.html/r2ff63f210842a3c5e42f03a35d8f3a345134d073c80a04077341c211@%3Cissues.activemq.apache.org%3E"},{"name":"[activemq-issues] 20200122 [jira] [Resolved] (AMQ-7372) [9.8] [CVE-2019-17571] [activemq-all] [5.15.10]","refsource":"MLIST","url":"https://lists.apache.org/thread.html/r3d666e4e8905157f3c046d31398b04f2bfd4519e31f266de108c6919@%3Cissues.activemq.apache.org%3E"},{"name":"[activemq-issues] 20200127 [jira] [Commented] (AMQ-7370) log4j 1.2 version used by AMQ 5.15.10 / 5.15.11 is vulnerable to CVE-2019-17571","refsource":"MLIST","url":"https://lists.apache.org/thread.html/r61590890edcc64140e0c606954b29a063c3d08a2b41d447256d51a78@%3Cissues.activemq.apache.org%3E"},{"name":"[activemq-issues] 20200208 [jira] [Commented] (AMQ-7370) log4j 1.2 version used by AMQ 5.15.10 / 5.15.11 is vulnerable to CVE-2019-17571","refsource":"MLIST","url":"https://lists.apache.org/thread.html/r2ce8d26154bea939536e6cf27ed02d3192bf5c5d04df885a80fe89b3@%3Cissues.activemq.apache.org%3E"},{"name":"[activemq-issues] 20200228 [jira] [Commented] (AMQ-7370) log4j 1.2 version used by AMQ 5.15.10 / 5.15.11 is vulnerable to CVE-2019-17571","refsource":"MLIST","url":"https://lists.apache.org/thread.html/re8c21ed9dd218c217d242ffa90778428e446b082b5e1c29f567e8374@%3Cissues.activemq.apache.org%3E"},{"name":"[activemq-issues] 20200228 [jira] [Resolved] (AMQ-7370) log4j 1.2 version used by AMQ 5.15.10 / 5.15.11 is vulnerable to CVE-2019-17571","refsource":"MLIST","url":"https://lists.apache.org/thread.html/rb1b29aee737e1c37fe1d48528cb0febac4f5deed51f5412e6fdfe2bf@%3Cissues.activemq.apache.org%3E"},{"name":"[activemq-issues] 20200228 [jira] [Updated] (AMQ-7370) log4j 1.2 version used by AMQ 5.15.10 / 5.15.11 is vulnerable to CVE-2019-17571","refsource":"MLIST","url":"https://lists.apache.org/thread.html/r18f1c010b554a3a2d761e8ffffd8674fd4747bcbcf16c643d708318c@%3Cissues.activemq.apache.org%3E"},{"name":"[logging-commits] 20200425 svn commit: r1059809 - /websites/production/logging/content/log4j/2.13.2/security.html","refsource":"MLIST","url":"https://lists.apache.org/thread.html/ra9a682bc0a8dff1c5cefdef31c7c25f096d9121207cf2d74e2fc563d@%3Ccommits.logging.apache.org%3E"},{"name":"https://www.oracle.com/security-alerts/cpuapr2020.html","refsource":"MISC","url":"https://www.oracle.com/security-alerts/cpuapr2020.html"},{"name":"http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html","refsource":"CONFIRM","url":"http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html"},{"name":"http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html","refsource":"CONFIRM","url":"http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html"},{"name":"http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html","refsource":"CONFIRM","url":"http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html"},{"name":"http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html","refsource":"CONFIRM","url":"http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html"},{"name":"https://www.oracle.com/security-alerts/cpujul2020.html","refsource":"MISC","url":"https://www.oracle.com/security-alerts/cpujul2020.html"},{"name":"https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html","refsource":"CONFIRM","url":"https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html"},{"name":"https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html","refsource":"MISC","url":"https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html"},{"name":"https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html","refsource":"MISC","url":"https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html"},{"name":"https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html","refsource":"MISC","url":"https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html"},{"name":"https://www.oracle.com/security-alerts/cpujan2020.html","refsource":"MISC","url":"https://www.oracle.com/security-alerts/cpujan2020.html"},{"name":"https://security.netapp.com/advisory/ntap-20181107-0002/","refsource":"CONFIRM","url":"https://security.netapp.com/advisory/ntap-20181107-0002/"},{"name":"https://security.netapp.com/advisory/ntap-20180726-0002/","refsource":"CONFIRM","url":"https://security.netapp.com/advisory/ntap-20180726-0002/"},{"name":"https://issues.apache.org/jira/browse/LOG4J2-1863","refsource":"CONFIRM","url":"https://issues.apache.org/jira/browse/LOG4J2-1863"},{"name":"[bookkeeper-issues] 20200729 [GitHub] [bookkeeper] padma81 opened a new issue #2387: Security vulnerabilities in the apache/bookkeeper-4.9.2 image","refsource":"MLIST","url":"https://lists.apache.org/thread.html/r1b103833cb5bc8466e24ff0ecc5e75b45a705334ab6a444e64e840a0@%3Cissues.bookkeeper.apache.org%3E"},{"name":"[activemq-issues] 20200730 [jira] [Commented] (AMQ-7370) log4j 1.2 version used by AMQ 5.15.10 / 5.15.11 is vulnerable to CVE-2019-17571","refsource":"MLIST","url":"https://lists.apache.org/thread.html/r3784834e80df2f284577a5596340fb84346c91a2dea6a073e65e3397@%3Cissues.activemq.apache.org%3E"},{"name":"[geode-issues] 20200831 [jira] [Created] (GEODE-8471) Dependency security issues in geode-core-1.12","refsource":"MLIST","url":"https://lists.apache.org/thread.html/rf1bbc0ea4a9f014cf94df9a12a6477d24a27f52741dbc87f2fd52ff2@%3Cissues.geode.apache.org%3E"},{"name":"https://www.oracle.com/security-alerts/cpuoct2020.html","refsource":"MISC","url":"https://www.oracle.com/security-alerts/cpuoct2020.html"},{"name":"https://www.oracle.com/security-alerts/cpujan2021.html","refsource":"MISC","url":"https://www.oracle.com/security-alerts/cpujan2021.html"},{"name":"[doris-commits] 20210402 [GitHub] [incubator-doris] zh0122 opened a new pull request #5594: [FE][Bug]Update log4j-web to fix a security issue","refsource":"MLIST","url":"https://lists.apache.org/thread.html/rcbb79023a7c8494cb389cd3d95420fa9e0d531ece0b780b8c1f99422@%3Ccommits.doris.apache.org%3E"},{"name":"[beam-issues] 20210528 [jira] [Created] (BEAM-12422) Vendored gRPC 1.36.0 is using a log4j version with security issues","refsource":"MLIST","url":"https://lists.apache.org/thread.html/r0831e2e52a390758ce39a6193f82c11c295175adce6e6307de28c287@%3Cissues.beam.apache.org%3E"},{"name":"https://www.oracle.com/security-alerts/cpuApr2021.html","refsource":"MISC","url":"https://www.oracle.com/security-alerts/cpuApr2021.html"},{"name":"[beam-github] 20210701 [GitHub] [beam] lukecwik commented on pull request #15113: [BEAM-12422] Upgrade log4j version not affected by CVE-2017-5645","refsource":"MLIST","url":"https://lists.apache.org/thread.html/rbfa7a0742be4981a3f9356a23d0e1a5f2e1eabde32a1a3d8e41420f8@%3Cgithub.beam.apache.org%3E"},{"name":"[beam-github] 20210701 [GitHub] [beam] lukecwik opened a new pull request #15113: [BEAM-12422] Upgrade log4j version not affected by CVE-2017-5645","refsource":"MLIST","url":"https://lists.apache.org/thread.html/r23369fd603eb6d62d3b883a0a28d12052dcbd1d6d531137124cd7f83@%3Cgithub.beam.apache.org%3E"},{"name":"[beam-github] 20210701 [GitHub] [beam] codecov[bot] commented on pull request #15113: [BEAM-12422] Upgrade log4j version not affected by CVE-2017-5645","refsource":"MLIST","url":"https://lists.apache.org/thread.html/r9d5c1b558a15d374bd5abd2d3ae3ca7e50e796a0efdcf91e9c5b4cdd@%3Cgithub.beam.apache.org%3E"},{"name":"[beam-github] 20210701 [GitHub] [beam] codecov[bot] edited a comment on pull request #15113: [BEAM-12422] Upgrade log4j version not affected by CVE-2017-5645","refsource":"MLIST","url":"https://lists.apache.org/thread.html/r94b5aae09c4bcff5d06cf641be17b00bd83ba7e10cad737bf16a1b8f@%3Cgithub.beam.apache.org%3E"},{"name":"[beam-github] 20210701 [GitHub] [beam] suztomo commented on pull request #15113: [BEAM-12422] Upgrade log4j version not affected by CVE-2017-5645","refsource":"MLIST","url":"https://lists.apache.org/thread.html/rdbd579dc223f06af826d7de340218ee2f80d8b43fa7e4decb2a63f44@%3Cgithub.beam.apache.org%3E"},{"name":"https://www.oracle.com/security-alerts/cpuoct2021.html","refsource":"MISC","url":"https://www.oracle.com/security-alerts/cpuoct2021.html"},{"name":"https://www.oracle.com/security-alerts/cpujan2022.html","refsource":"MISC","url":"https://www.oracle.com/security-alerts/cpujan2022.html"}]}}},"adp":[{"providerMetadata":{"orgId":"af854a3a-2127-422b-91ae-364da2661108","shortName":"CVE","dateUpdated":"2024-08-05T15:11:47.391Z"},"title":"CVE Program Container","references":[{"name":"RHSA-2017:2888","tags":["vendor-advisory","x_refsource_REDHAT","x_transferred"],"url":"https://access.redhat.com/errata/RHSA-2017:2888"},{"name":"RHSA-2017:2809","tags":["vendor-advisory","x_refsource_REDHAT","x_transferred"],"url":"https://access.redhat.com/errata/RHSA-2017:2809"},{"name":"97702","tags":["vdb-entry","x_refsource_BID","x_transferred"],"url":"http://www.securityfocus.com/bid/97702"},{"name":"1041294","tags":["vdb-entry","x_refsource_SECTRACK","x_transferred"],"url":"http://www.securitytracker.com/id/1041294"},{"name":"RHSA-2017:2810","tags":["vendor-advisory","x_refsource_REDHAT","x_transferred"],"url":"https://access.redhat.com/errata/RHSA-2017:2810"},{"name":"RHSA-2017:1801","tags":["vendor-advisory","x_refsource_REDHAT","x_transferred"],"url":"https://access.redhat.com/errata/RHSA-2017:1801"},{"name":"RHSA-2017:2889","tags":["vendor-advisory","x_refsource_REDHAT","x_transferred"],"url":"https://access.redhat.com/errata/RHSA-2017:2889"},{"name":"RHSA-2017:2635","tags":["vendor-advisory","x_refsource_REDHAT","x_transferred"],"url":"https://access.redhat.com/errata/RHSA-2017:2635"},{"name":"RHSA-2017:2638","tags":["vendor-advisory","x_refsource_REDHAT","x_transferred"],"url":"https://access.redhat.com/errata/RHSA-2017:2638"},{"name":"RHSA-2017:1417","tags":["vendor-advisory","x_refsource_REDHAT","x_transferred"],"url":"https://access.redhat.com/errata/RHSA-2017:1417"},{"name":"RHSA-2017:2423","tags":["vendor-advisory","x_refsource_REDHAT","x_transferred"],"url":"https://access.redhat.com/errata/RHSA-2017:2423"},{"name":"RHSA-2017:2808","tags":["vendor-advisory","x_refsource_REDHAT","x_transferred"],"url":"https://access.redhat.com/errata/RHSA-2017:2808"},{"name":"1040200","tags":["vdb-entry","x_refsource_SECTRACK","x_transferred"],"url":"http://www.securitytracker.com/id/1040200"},{"name":"RHSA-2017:2636","tags":["vendor-advisory","x_refsource_REDHAT","x_transferred"],"url":"https://access.redhat.com/errata/RHSA-2017:2636"},{"name":"RHSA-2017:3399","tags":["vendor-advisory","x_refsource_REDHAT","x_transferred"],"url":"https://access.redhat.com/errata/RHSA-2017:3399"},{"name":"RHSA-2017:2637","tags":["vendor-advisory","x_refsource_REDHAT","x_transferred"],"url":"https://access.redhat.com/errata/RHSA-2017:2637"},{"name":"RHSA-2017:3244","tags":["vendor-advisory","x_refsource_REDHAT","x_transferred"],"url":"https://access.redhat.com/errata/RHSA-2017:3244"},{"name":"RHSA-2017:3400","tags":["vendor-advisory","x_refsource_REDHAT","x_transferred"],"url":"https://access.redhat.com/errata/RHSA-2017:3400"},{"name":"RHSA-2017:2633","tags":["vendor-advisory","x_refsource_REDHAT","x_transferred"],"url":"https://access.redhat.com/errata/RHSA-2017:2633"},{"name":"RHSA-2017:2811","tags":["vendor-advisory","x_refsource_REDHAT","x_transferred"],"url":"https://access.redhat.com/errata/RHSA-2017:2811"},{"name":"RHSA-2017:1802","tags":["vendor-advisory","x_refsource_REDHAT","x_transferred"],"url":"https://access.redhat.com/errata/RHSA-2017:1802"},{"name":"RHSA-2019:1545","tags":["vendor-advisory","x_refsource_REDHAT","x_transferred"],"url":"https://access.redhat.com/errata/RHSA-2019:1545"},{"name":"[druid-commits] 20191115 [GitHub] [incubator-druid] ccaominh opened a new pull request #8878: Address security vulnerabilities","tags":["mailing-list","x_refsource_MLIST","x_transferred"],"url":"https://lists.apache.org/thread.html/9317fd092b257a0815434b116a8af8daea6e920b6673f4fd5583d5fe%40%3Ccommits.druid.apache.org%3E"},{"name":"[logging-dev] 20191215 Re: Is there any chance that there will be a security fix for log4j-v1.2.17?","tags":["mailing-list","x_refsource_MLIST","x_transferred"],"url":"https://lists.apache.org/thread.html/e8fb7d76a244ee997ba4b217d6171227f7c2521af8c7c5b16cba27bc%40%3Cdev.logging.apache.org%3E"},{"name":"[logging-dev] 20191218 [CVE-2019-17571] Apache Log4j 1.2 deserialization of untrusted data in SocketServer","tags":["mailing-list","x_refsource_MLIST","x_transferred"],"url":"https://lists.apache.org/thread.html/eea03d504b36e8f870e8321d908e1def1addda16adda04327fe7c125%40%3Cdev.logging.apache.org%3E"},{"name":"[oss-security] 20191218 [CVE-2019-17571] Apache Log4j 1.2 deserialization of untrusted data in SocketServer","tags":["mailing-list","x_refsource_MLIST","x_transferred"],"url":"http://www.openwall.com/lists/oss-security/2019/12/19/2"},{"name":"[announce] 20191218 [CVE-2019-17571] Apache Log4j 1.2 deserialization of untrusted data in SocketServer","tags":["mailing-list","x_refsource_MLIST","x_transferred"],"url":"https://lists.apache.org/thread.html/84cc4266238e057b95eb95dfd8b29d46a2592e7672c12c92f68b2917%40%3Cannounce.apache.org%3E"},{"name":"[logging-dev] 20191219 Re: [CVE-2019-17571] Apache Log4j 1.2 deserialization of untrusted data in SocketServer","tags":["mailing-list","x_refsource_MLIST","x_transferred"],"url":"https://lists.apache.org/thread.html/0dcca05274d20ef2d72584edcf8c917bbb13dbbd7eb35cae909d02e9%40%3Cdev.logging.apache.org%3E"},{"name":"[activemq-issues] 20191226 [jira] [Created] (AMQ-7370) log4j 1.2 version used by AMQ 5.15.10 / 5.15.11 is vulnerable to CVE-2019-17571","tags":["mailing-list","x_refsource_MLIST","x_transferred"],"url":"https://lists.apache.org/thread.html/8ab32b4c9f1826f20add7c40be08909de9f58a89dc1de9c09953f5ac%40%3Cissues.activemq.apache.org%3E"},{"name":"[tika-dev] 20191226 [jira] [Created] (TIKA-3018) log4j 1.2 version used by Apache Tika 1.23 is vulnerable to CVE-2019-17571","tags":["mailing-list","x_refsource_MLIST","x_transferred"],"url":"https://lists.apache.org/thread.html/44491fb9cc19acc901f7cff34acb7376619f15638439416e3e14761c%40%3Cdev.tika.apache.org%3E"},{"name":"[tika-dev] 20191226 [jira] [Commented] (TIKA-3018) log4j 1.2 version used by Apache Tika 1.23 is vulnerable to CVE-2019-17571","tags":["mailing-list","x_refsource_MLIST","x_transferred"],"url":"https://lists.apache.org/thread.html/277b4b5c2b0e06a825ccec565fa65bd671f35a4d58e3e2ec5d0618e1%40%3Cdev.tika.apache.org%3E"},{"name":"[tika-dev] 20191230 [jira] [Created] (TIKA-3019) [9.8] [CVE-2019-17571] [tika-app] [1.23]","tags":["mailing-list","x_refsource_MLIST","x_transferred"],"url":"https://lists.apache.org/thread.html/479471e6debd608c837b9815b76eab24676657d4444fcfd5ef96d6e6%40%3Cdev.tika.apache.org%3E"},{"name":"[activemq-issues] 20191230 [jira] [Created] (AMQ-7372) [9.8] [CVE-2019-17571] [activemq-all] [5.15.10]","tags":["mailing-list","x_refsource_MLIST","x_transferred"],"url":"https://lists.apache.org/thread.html/6114ce566200d76e3cc45c521a62c2c5a4eac15738248f58a99f622c%40%3Cissues.activemq.apache.org%3E"},{"name":"[tika-dev] 20200106 [jira] [Commented] (TIKA-3019) [9.8] [CVE-2019-17571] [tika-app] [1.23]","tags":["mailing-list","x_refsource_MLIST","x_transferred"],"url":"https://lists.apache.org/thread.html/rf2567488cfc9212b42e34c6393cfa1c14e30e4838b98dda84d71041f%40%3Cdev.tika.apache.org%3E"},{"name":"[tika-dev] 20200107 [jira] [Commented] (TIKA-3019) [9.8] [CVE-2019-17571] [tika-app] [1.23]","tags":["mailing-list","x_refsource_MLIST","x_transferred"],"url":"https://lists.apache.org/thread.html/r3a85514a518f3080ab1fc2652cfe122c2ccf67cfb32356acb1b08fe8%40%3Cdev.tika.apache.org%3E"},{"name":"[tika-dev] 20200108 [jira] [Commented] (TIKA-3019) [9.8] [CVE-2019-17571] [tika-app] [1.23]","tags":["mailing-list","x_refsource_MLIST","x_transferred"],"url":"https://lists.apache.org/thread.html/rc1eaed7f7d774d5d02f66e49baced31e04827a1293d61a70bd003ca7%40%3Cdev.tika.apache.org%3E"},{"name":"[tika-dev] 20200110 [jira] [Commented] (TIKA-3019) [9.8] [CVE-2019-17571] [tika-app] [1.23]","tags":["mailing-list","x_refsource_MLIST","x_transferred"],"url":"https://lists.apache.org/thread.html/r681b4432d0605f327b68b9f8a42662993e699d04614de4851c35ffd1%40%3Cdev.tika.apache.org%3E"},{"name":"[tika-dev] 20200111 Re: [jira] [Commented] (TIKA-3018) log4j 1.2 version used by Apache Tika 1.23 is vulnerable to CVE-2019-17571","tags":["mailing-list","x_refsource_MLIST","x_transferred"],"url":"https://lists.apache.org/thread.html/ra38785cfc0e7f17f8e24bebf775dd032c033fadcaea29e5bc9fffc60%40%3Cdev.tika.apache.org%3E"},{"name":"[tika-dev] 20200111 [jira] [Closed] (TIKA-3018) log4j 1.2 version used by Apache Tika 1.23 is vulnerable to CVE-2019-17571","tags":["mailing-list","x_refsource_MLIST","x_transferred"],"url":"https://lists.apache.org/thread.html/r746fbc3fc13aee292ae6851f7a5080f592fa3a67b983c6887cdb1fc5%40%3Cdev.tika.apache.org%3E"},{"name":"[tika-dev] 20200111 [jira] [Resolved] (TIKA-3018) log4j 1.2 version used by Apache Tika 1.23 is vulnerable to CVE-2019-17571","tags":["mailing-list","x_refsource_MLIST","x_transferred"],"url":"https://lists.apache.org/thread.html/rdec0d8ac1f03e6905b0de2df1d5fcdb98b94556e4f6cccf7519fdb26%40%3Cdev.tika.apache.org%3E"},{"name":"[tika-dev] 20200114 [jira] [Commented] (TIKA-3019) [9.8] [CVE-2019-17571] [tika-app] [1.23]","tags":["mailing-list","x_refsource_MLIST","x_transferred"],"url":"https://lists.apache.org/thread.html/rca24a281000fb681d7e26e5c031a21eb4b0593a7735f781b53dae4e2%40%3Cdev.tika.apache.org%3E"},{"name":"[tika-dev] 20200115 [jira] [Commented] (TIKA-3019) [9.8] [CVE-2019-17571] [tika-app] [1.23]","tags":["mailing-list","x_refsource_MLIST","x_transferred"],"url":"https://lists.apache.org/thread.html/r4b25538be50126194cc646836c718b1a4d8f71bd9c912af5b59134ad%40%3Cdev.tika.apache.org%3E"},{"name":"[activemq-issues] 20200122 [jira] [Updated] (AMQ-7370) log4j 1.2 version used by AMQ 5.15.10 / 5.15.11 is vulnerable to CVE-2019-17571","tags":["mailing-list","x_refsource_MLIST","x_transferred"],"url":"https://lists.apache.org/thread.html/rd5dbeee4808c0f2b9b51479b50de3cc6adb1072c332a200d9107f13e%40%3Cissues.activemq.apache.org%3E"},{"name":"[activemq-issues] 20200122 [jira] [Assigned] (AMQ-7372) [9.8] [CVE-2019-17571] [activemq-all] [5.15.10]","tags":["mailing-list","x_refsource_MLIST","x_transferred"],"url":"https://lists.apache.org/thread.html/r7bcdc710857725c311b856c0b82cee6207178af5dcde1bd43d289826%40%3Cissues.activemq.apache.org%3E"},{"name":"[activemq-issues] 20200122 [jira] [Updated] (AMQ-7372) [9.8] [CVE-2019-17571] [activemq-all] [5.15.10]","tags":["mailing-list","x_refsource_MLIST","x_transferred"],"url":"https://lists.apache.org/thread.html/raedd12dc24412b3780432bf202a2618a21a727788543e5337a458ead%40%3Cissues.activemq.apache.org%3E"},{"name":"[activemq-issues] 20200122 [jira] [Assigned] (AMQ-7370) log4j 1.2 version used by AMQ 5.15.10 / 5.15.11 is vulnerable to CVE-2019-17571","tags":["mailing-list","x_refsource_MLIST","x_transferred"],"url":"https://lists.apache.org/thread.html/r2ff63f210842a3c5e42f03a35d8f3a345134d073c80a04077341c211%40%3Cissues.activemq.apache.org%3E"},{"name":"[activemq-issues] 20200122 [jira] [Resolved] (AMQ-7372) [9.8] [CVE-2019-17571] [activemq-all] [5.15.10]","tags":["mailing-list","x_refsource_MLIST","x_transferred"],"url":"https://lists.apache.org/thread.html/r3d666e4e8905157f3c046d31398b04f2bfd4519e31f266de108c6919%40%3Cissues.activemq.apache.org%3E"},{"name":"[activemq-issues] 20200127 [jira] [Commented] (AMQ-7370) log4j 1.2 version used by AMQ 5.15.10 / 5.15.11 is vulnerable to CVE-2019-17571","tags":["mailing-list","x_refsource_MLIST","x_transferred"],"url":"https://lists.apache.org/thread.html/r61590890edcc64140e0c606954b29a063c3d08a2b41d447256d51a78%40%3Cissues.activemq.apache.org%3E"},{"name":"[activemq-issues] 20200208 [jira] [Commented] (AMQ-7370) log4j 1.2 version used by AMQ 5.15.10 / 5.15.11 is vulnerable to CVE-2019-17571","tags":["mailing-list","x_refsource_MLIST","x_transferred"],"url":"https://lists.apache.org/thread.html/r2ce8d26154bea939536e6cf27ed02d3192bf5c5d04df885a80fe89b3%40%3Cissues.activemq.apache.org%3E"},{"name":"[activemq-issues] 20200228 [jira] [Commented] (AMQ-7370) log4j 1.2 version used by AMQ 5.15.10 / 5.15.11 is vulnerable to CVE-2019-17571","tags":["mailing-list","x_refsource_MLIST","x_transferred"],"url":"https://lists.apache.org/thread.html/re8c21ed9dd218c217d242ffa90778428e446b082b5e1c29f567e8374%40%3Cissues.activemq.apache.org%3E"},{"name":"[activemq-issues] 20200228 [jira] [Resolved] (AMQ-7370) log4j 1.2 version used by AMQ 5.15.10 / 5.15.11 is vulnerable to CVE-2019-17571","tags":["mailing-list","x_refsource_MLIST","x_transferred"],"url":"https://lists.apache.org/thread.html/rb1b29aee737e1c37fe1d48528cb0febac4f5deed51f5412e6fdfe2bf%40%3Cissues.activemq.apache.org%3E"},{"name":"[activemq-issues] 20200228 [jira] [Updated] (AMQ-7370) log4j 1.2 version used by AMQ 5.15.10 / 5.15.11 is vulnerable to CVE-2019-17571","tags":["mailing-list","x_refsource_MLIST","x_transferred"],"url":"https://lists.apache.org/thread.html/r18f1c010b554a3a2d761e8ffffd8674fd4747bcbcf16c643d708318c%40%3Cissues.activemq.apache.org%3E"},{"name":"[logging-commits] 20200425 svn commit: r1059809 - /websites/production/logging/content/log4j/2.13.2/security.html","tags":["mailing-list","x_refsource_MLIST","x_transferred"],"url":"https://lists.apache.org/thread.html/ra9a682bc0a8dff1c5cefdef31c7c25f096d9121207cf2d74e2fc563d%40%3Ccommits.logging.apache.org%3E"},{"tags":["x_refsource_MISC","x_transferred"],"url":"https://www.oracle.com/security-alerts/cpuapr2020.html"},{"tags":["x_refsource_CONFIRM","x_transferred"],"url":"http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html"},{"tags":["x_refsource_CONFIRM","x_transferred"],"url":"http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html"},{"tags":["x_refsource_CONFIRM","x_transferred"],"url":"http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html"},{"tags":["x_refsource_CONFIRM","x_transferred"],"url":"http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html"},{"tags":["x_refsource_MISC","x_transferred"],"url":"https://www.oracle.com/security-alerts/cpujul2020.html"},{"tags":["x_refsource_CONFIRM","x_transferred"],"url":"https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html"},{"tags":["x_refsource_MISC","x_transferred"],"url":"https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html"},{"tags":["x_refsource_MISC","x_transferred"],"url":"https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html"},{"tags":["x_refsource_MISC","x_transferred"],"url":"https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html"},{"tags":["x_refsource_MISC","x_transferred"],"url":"https://www.oracle.com/security-alerts/cpujan2020.html"},{"tags":["x_refsource_CONFIRM","x_transferred"],"url":"https://security.netapp.com/advisory/ntap-20181107-0002/"},{"tags":["x_refsource_CONFIRM","x_transferred"],"url":"https://security.netapp.com/advisory/ntap-20180726-0002/"},{"tags":["x_refsource_CONFIRM","x_transferred"],"url":"https://issues.apache.org/jira/browse/LOG4J2-1863"},{"name":"[bookkeeper-issues] 20200729 [GitHub] [bookkeeper] padma81 opened a new issue #2387: Security vulnerabilities in the apache/bookkeeper-4.9.2 image","tags":["mailing-list","x_refsource_MLIST","x_transferred"],"url":"https://lists.apache.org/thread.html/r1b103833cb5bc8466e24ff0ecc5e75b45a705334ab6a444e64e840a0%40%3Cissues.bookkeeper.apache.org%3E"},{"name":"[activemq-issues] 20200730 [jira] [Commented] (AMQ-7370) log4j 1.2 version used by AMQ 5.15.10 / 5.15.11 is vulnerable to CVE-2019-17571","tags":["mailing-list","x_refsource_MLIST","x_transferred"],"url":"https://lists.apache.org/thread.html/r3784834e80df2f284577a5596340fb84346c91a2dea6a073e65e3397%40%3Cissues.activemq.apache.org%3E"},{"name":"[geode-issues] 20200831 [jira] [Created] (GEODE-8471) Dependency security issues in geode-core-1.12","tags":["mailing-list","x_refsource_MLIST","x_transferred"],"url":"https://lists.apache.org/thread.html/rf1bbc0ea4a9f014cf94df9a12a6477d24a27f52741dbc87f2fd52ff2%40%3Cissues.geode.apache.org%3E"},{"tags":["x_refsource_MISC","x_transferred"],"url":"https://www.oracle.com/security-alerts/cpuoct2020.html"},{"tags":["x_refsource_MISC","x_transferred"],"url":"https://www.oracle.com/security-alerts/cpujan2021.html"},{"name":"[doris-commits] 20210402 [GitHub] [incubator-doris] zh0122 opened a new pull request #5594: [FE][Bug]Update log4j-web to fix a security issue","tags":["mailing-list","x_refsource_MLIST","x_transferred"],"url":"https://lists.apache.org/thread.html/rcbb79023a7c8494cb389cd3d95420fa9e0d531ece0b780b8c1f99422%40%3Ccommits.doris.apache.org%3E"},{"name":"[beam-issues] 20210528 [jira] [Created] (BEAM-12422) Vendored gRPC 1.36.0 is using a log4j version with security issues","tags":["mailing-list","x_refsource_MLIST","x_transferred"],"url":"https://lists.apache.org/thread.html/r0831e2e52a390758ce39a6193f82c11c295175adce6e6307de28c287%40%3Cissues.beam.apache.org%3E"},{"tags":["x_refsource_MISC","x_transferred"],"url":"https://www.oracle.com/security-alerts/cpuApr2021.html"},{"name":"[beam-github] 20210701 [GitHub] [beam] lukecwik commented on pull request #15113: [BEAM-12422] Upgrade log4j version not affected by CVE-2017-5645","tags":["mailing-list","x_refsource_MLIST","x_transferred"],"url":"https://lists.apache.org/thread.html/rbfa7a0742be4981a3f9356a23d0e1a5f2e1eabde32a1a3d8e41420f8%40%3Cgithub.beam.apache.org%3E"},{"name":"[beam-github] 20210701 [GitHub] [beam] lukecwik opened a new pull request #15113: [BEAM-12422] Upgrade log4j version not affected by CVE-2017-5645","tags":["mailing-list","x_refsource_MLIST","x_transferred"],"url":"https://lists.apache.org/thread.html/r23369fd603eb6d62d3b883a0a28d12052dcbd1d6d531137124cd7f83%40%3Cgithub.beam.apache.org%3E"},{"name":"[beam-github] 20210701 [GitHub] [beam] codecov[bot] commented on pull request #15113: [BEAM-12422] Upgrade log4j version not affected by CVE-2017-5645","tags":["mailing-list","x_refsource_MLIST","x_transferred"],"url":"https://lists.apache.org/thread.html/r9d5c1b558a15d374bd5abd2d3ae3ca7e50e796a0efdcf91e9c5b4cdd%40%3Cgithub.beam.apache.org%3E"},{"name":"[beam-github] 20210701 [GitHub] [beam] codecov[bot] edited a comment on pull request #15113: [BEAM-12422] Upgrade log4j version not affected by CVE-2017-5645","tags":["mailing-list","x_refsource_MLIST","x_transferred"],"url":"https://lists.apache.org/thread.html/r94b5aae09c4bcff5d06cf641be17b00bd83ba7e10cad737bf16a1b8f%40%3Cgithub.beam.apache.org%3E"},{"name":"[beam-github] 20210701 [GitHub] [beam] suztomo commented on pull request #15113: [BEAM-12422] Upgrade log4j version not affected by CVE-2017-5645","tags":["mailing-list","x_refsource_MLIST","x_transferred"],"url":"https://lists.apache.org/thread.html/rdbd579dc223f06af826d7de340218ee2f80d8b43fa7e4decb2a63f44%40%3Cgithub.beam.apache.org%3E"},{"tags":["x_refsource_MISC","x_transferred"],"url":"https://www.oracle.com/security-alerts/cpuoct2021.html"},{"tags":["x_refsource_MISC","x_transferred"],"url":"https://www.oracle.com/security-alerts/cpujan2022.html"}]}]},"cveMetadata":{"assignerOrgId":"f0158376-9dc2-43b6-827c-5f631a4d8d09","assignerShortName":"apache","cveId":"CVE-2017-5645","datePublished":"2017-04-17T21:00:00.000Z","dateReserved":"2017-01-29T00:00:00.000Z","dateUpdated":"2024-08-05T15:11:47.391Z","state":"PUBLISHED"},"dataType":"CVE_RECORD","dataVersion":"5.1"}