RULE(RULE ID:715632)

Rule General Information
Release Date: 2022-07-20
Rule Name: Apache Log4j Server Deserialization Command Execution Vulnerability (CVE-2017-5645)
Severity:
CVE ID:
Rule Protection Details
Description: In Apache Log4j 2.x before 2.8.2, when using the TCP socket server or UDP socket server to receive serialized log events from another application, a specially crafted binary payload can be sent that, when deserialized, can execute arbitrary code.
Impact: An attacker who successfully exploits this vulnerability can execute arbitrary commands in the context of the vulnerable software.
Affected OS: Windows, Linux, Others
Reference: SecurityFocus BID: 97702
SecurityTracker ID: 1041294
http://www.openwall.com/lists/oss-security/2019/12/19/2
http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html
Solutions
The vendor has released upgrade patches to fix the vulnerability. Please visit:
https://issues.apache.org/jira/browse/LOG4J2-1863