Get a demo
100% Signal 0% Noise Invicti Logo - The Largest Dynamic Application Security Solutions Provider In The World Get a demo
WebLogic Deserialization of Untrusted Data Vulnerability - CVE-2017-5645 - Vulnerability Database
WebLogic

WebLogic Deserialization of Untrusted Data Vulnerability - CVE-2017-5645

Critical
Reference: CVE-2017-5645
NVD Link: https://nvd.nist.gov/vuln/detail/CVE-2017-5645
Title: WebLogic Deserialization of Untrusted Data Vulnerability
Overview:

In Apache Log4j 2.x before 2.8.2 when using the TCP socket server or UDP socket server to receive serialized log events from another application a specially crafted binary payload can be sent that when deserialized can execute arbitrary code.