CVSS: 9.8EPSS: 87%CPEs: 174EXPL: 1CVE-2017-5645 – log4j: Socket receiver deserialization vulnerability
https://notcve.org/view.php?id=CVE-2017-5645
In Apache Log4j 2.x before 2.8.2, when using the TCP socket server or UDP socket server to receive serialized log events from another application, a specially crafted binary payload can be sent that, when deserialized, can execute arbitrary code. En Apache Log4j 2.x en versiones anteriores a 2.8.2, cuando se utiliza el servidor de socket TCP o el servidor de socket UDP para recibir sucesos de registro serializados de otra aplicación, puede enviarse una carga binaria especialmente diseñada que, cuando se deserializa, puede ejecutar código arbitrario. It was found that when using remote logging with log4j socket server the log4j server would deserialize any log event received via TCP or UDP. An attacker could use this flaw to send a specially crafted log event that, during deserialization, would execute arbitrary code in the context of the logger application. • https://github.com/pimps/CVE-2017-5645 http://www.openwall.com/lists/oss-security/2019/12/19/2 http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html http://www.securityfocus.com/bid/97702 http://www.securitytracker.com/id/1040200 http://www.securit • CWE-502: Deserialization of Untrusted Data •
CVSS: 3.5EPSS: 0%CPEs: 1EXPL: 0CVE-2015-2598
https://notcve.org/view.php?id=CVE-2015-2598
Unspecified vulnerability in the mobile app in Oracle Business Intelligence Enterprise Edition in Oracle Fusion Middleware before 11.1.1.7.0 (11.6.39) allows remote authenticated users to affect integrity via unknown vectors related to Mobile - iPad. Vulnerabilidad no especificada en la aplicación móvil en Oracle Business Intelligence Enterprise Edition en Oracle Fusion Middleware en la versión anterior a 11.1.1.7.0 (11.6.39), permite a usuarios remotos autenticados afectar la integridad a través de vectores desconocidos relacionados con Móviles - iPad. • http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html •
CVSS: 2.6EPSS: 0%CPEs: 7EXPL: 0CVE-2015-4744
https://notcve.org/view.php?id=CVE-2015-4744
Unspecified vulnerability in the Oracle GlassFish Server component in Oracle Fusion Middleware 2.1.1, 3.0.1, and 3.1.2; and the Oracle WebLogic Server component in Oracle Fusion Middleware 10.3.6.0, 12.1.1.0, 12.1.2.0, and 12.1.3.0 allows remote attackers to affect integrity via unknown vectors related to Java Server Faces. Vulnerabilidad no especificada en el componente Oracle GlassFish Server en Oracle Fusion Middleware 2.1.1, 3.0.1 y 3.1.2; y en el Oracle WebLogic Server en Oracle Fusion Middleware 10.3.6.0, 12.1.1.0, 12.1.2.0 y 12.1.3.0, permite a atacantes remotos afectar la integridad a través de vectores desconocidos relacionados con Java Server Faces. • http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html http://www.securitytracker.com/id/1032953 •
CVSS: 4.3EPSS: 0%CPEs: 6EXPL: 0CVE-2015-2623
https://notcve.org/view.php?id=CVE-2015-2623
Unspecified vulnerability in the Oracle GlassFish Server component in Oracle Fusion Middleware 3.0.1 and 3.1.2, and the Oracle WebLogic Server component in Oracle Fusion Middleware 10.3.6.0, 12.1.1.0, 12.1.2.0, and 12.1.3.0, allows remote attackers to affect integrity via unknown vectors related to Java Server Faces. Vulnerabilidad no especificada en el componente Oracle GlassFish Server en Oracle Fusion Middleware 3.0.1 y 3.1.2, y en el componente Oracle WebLogic Server en Oracle Fusion Middleware 10.3.6.0, 12.1.1.0, 12.1.2.0 y 12.1.3.0, permite a atacantes remotos afectar la integridad a través de vectores desconocidos relacionados con Java Server Faces. • http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html http://www.securitytracker.com/id/1032953 •
CVSS: 4.0EPSS: 0%CPEs: 2EXPL: 0CVE-2015-0401
https://notcve.org/view.php?id=CVE-2015-0401
Unspecified vulnerability in the Oracle Directory Server Enterprise Edition component in Oracle Fusion Middleware 7.0 and 11.1.1.7 allows remote authenticated users to affect integrity via unknown vectors related to Admin Console. Vulnerabilidad no especificada en el componente Oracle Directory Server Enterprise Edition en Oracle Fusion Middleware 7.0 y 11.1.1.7 permite a usuarios remotos autenticados afectar la integridad a través de vectores desconocidos relacionados con Admin Console. • http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html http://www.securityfocus.com/bid/72212 •