- Contains Software Flaws (CVE)
- CPE Product Version: cpe:/a:apache:log4j:2.4
There are 1 matching records.
In Apache Log4j 2.x before 2.8.2, when using the TCP socket server or UDP socket server to receive serialized log events from another application, a specially crafted binary payload can be sent that, when deserialized, can execute arbitrary code.
April 17, 2017; 05:59:00 PM -04:00
V3.0: 9.8 CRITICAL
V2: 7.5 HIGH